Rafael

Results 34 issues of Rafael

### The source of unsoundness
Hi, we found an unsound implementation in `unpack` which could create a misaligned pointer: https://github.com/tensorflow/rust/blob/62a3019cfa0720c9744b4bd5f97db953bf4066cf/src/lib.rs#L900-L903 At line 902, the `u8` pointer would cast to `TF_TString`...

bug

### The source of unsoundness
Hi, we are the researchers from [Sun Security Lab](https://sunlab-gmu.github.io/). With our bug detector, we found that `convert_primitive` might have an unsound implementation. https://github.com/Koka/odbc-rs/blob/f9e5f77fac0a6328f9759e6e0f9e10c16509aebb/src/statement/types.rs#L281-L286 At line...

### The source of unsoundness
https://github.com/endoli/burst.rs/blob/9be1ad9ed83dda43b0fb4aa7cd14b140a75cabef/src/x86/mod.rs#L7636-L7648 Hi, I found that `read_32` could have an unsound implementation. At line 7645, `state.opcode` is aligned to 1 byte. Casting to 4 bytes as `u32`...

https://github.com/kaist-cp/rv6/blob/f55cf8136770f58ceea7f14042cb7f6399bb4164/kernel-rs/src/fs/lfs/imap.rs#L32-L38 In the `From` implementation above, we can cast from `[u8; BSIZE]` to `[u32; NENTRY]`. In addition to checking size and alignment, the results of casting around bytes between data types...

### The source of unsoundness
https://github.com/vhbit/lmdb-rs/blob/3a4bd66eb92716e5115568bc101246255dececf7/src/traits.rs#L135-L142 The function `from_mdb_value` is implemented through a macro on several primitive types including integers, float numbers, and bool. However, it is unsound to transmute data...

### The source of unsoundness
Hi, we found that two safe functions created misaligned pointers and dereferenced them: https://github.com/messense/if-addrs/blob/947c6342681b047b48b5f53eb75049881d2dfa20/src/sockaddr.rs#L99-L108 At lines 102 and 108, they both cast the type aligned to...

### The source of unsoundness https://github.com/diwic/reffers-rs/blob/5984523d1d77fcb418fd70fde2428ed8febf5b18/src/rmba.rs#L167-L174 ### To reproduce the bug ```rs use reffers::RMBA; use std::{iter, sync}; fn make_a_few> { match count { 0 => vec![], 1 => vec![RMBA::new_box(t)], _...

Hi, we are researchers from [Sunlab](https://sunlab-gmu.github.io/). When we tried to scan Rust-based repositories with our own implemented bug detectors, we found that there are some potentially unsound usages of `slice::from_raw_parts`...

### The source of unsoundness
https://github.com/solana-labs/solana-program-library/blob/282c716910b88e28495d5fb20143848bc01f79d5/token-swap/program/src/instruction.rs#L605-L611 Hi, we consider that `instruction::unpack` function unsound because it can cast `u8` type with any bit patterns to arbitrary types. This could break the...

stale

Hi, I am a security researcher from [SunLab](https://sunlab-gmu.github.io/). I am testing our personal tools on open-source repositories and find the following unsound implementation.
### The source of unsoundness
https://github.com/tikv/pprof-rs/blob/4939f73f0cc2e8d92e3c2c50c9d02d6d4c205a86/src/collector.rs#L223-L225 The...