Hi, I am scanning this crate in the latest version using my own static analyzer tool.
Unsafe pointer conversion is found at: src/frameworks/opencl/api/memory.rs:21
```rust
pub fn create_buffer(
    context: &Context,
    flags: MemoryFlags,
    size: usize,
    host_pointer: Option<*mut u8>,
) -> Result<Memory, Error> {
    let host_ptr = host_pointer.unwrap_or(ptr::null_mut());
    Ok(Memory::from_c(try!(unsafe {
        API::ffi_create_buffer(
            context.id() as *mut libc::c_void,
            flags.bits(),
            size,
            host_ptr as *mut libc::c_void,
        )
    })))
}
```
This unsound implementation would create memory issues such as overflow, underflow, or misalignment. The attacker can manipulate the argument `size` associated with the `c_void` pointer with a large value, which can lead to a buffer overflow bug. This can further corrupt the C/C++ code.
This would cause undefined behaviors in Rust. Adversaries can manipulate the arguments to cause memory safety bugs. I am reporting this issue for your attention.
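
An added example, not part of the original issue or the crate's own code: one way a safe wrapper can tie `size` to the host memory it describes, by taking a slice instead of a raw pointer. `create_buffer_checked`, `BufferError` and `ffi_create_buffer_stub` are hypothetical names, and the stub stands in for `API::ffi_create_buffer` so the block runs without OpenCL.

```rust
use std::ffi::c_void;
use std::ptr;

/// Hypothetical error type for this sketch (the crate has its own `Error`).
#[derive(Debug, PartialEq)]
pub enum BufferError {
    ZeroSize,
    HostSliceTooShort { requested: usize, available: usize },
}

/// Stand-in for the FFI call: returns what would cross the boundary as
/// (size, host pointer is null). `unsafe` because a real callee trusts
/// `host_ptr` to cover `size` bytes.
unsafe fn ffi_create_buffer_stub(size: usize, host_ptr: *mut c_void) -> (usize, bool) {
    (size, host_ptr.is_null())
}

/// Safe wrapper: host memory arrives as a slice, so its length is known and
/// `size` is checked before any raw pointer is formed.
/// Assumption: the callee only touches host memory during the call (copy
/// semantics). A flag that keeps using the pointer afterwards would also
/// need the borrow to outlive the returned buffer.
pub fn create_buffer_checked(
    size: usize,
    host: Option<&mut [u8]>,
) -> Result<(usize, bool), BufferError> {
    // OpenCL rejects zero-sized buffers (CL_INVALID_BUFFER_SIZE).
    if size == 0 {
        return Err(BufferError::ZeroSize);
    }
    let host_ptr = match host {
        Some(buf) if buf.len() < size => {
            return Err(BufferError::HostSliceTooShort { requested: size, available: buf.len() });
        }
        Some(buf) => buf.as_mut_ptr() as *mut c_void,
        None => ptr::null_mut(),
    };
    // SAFETY: host_ptr is null or points to at least `size` writable bytes.
    Ok(unsafe { ffi_create_buffer_stub(size, host_ptr) })
}

fn main() {
    let mut data = [0u8; 16]; // constructed sample host buffer
    println!("{:?}", create_buffer_checked(16, Some(&mut data[..])));
    println!("{:?}", create_buffer_checked(4096, Some(&mut data[..])));
    println!("{:?}", create_buffer_checked(64, None));
}
```

The alternative that keeps the raw-pointer signature is to declare the function `unsafe fn` and document the caller's obligation that `host_pointer` covers `size` bytes.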