Skip to content

Commit

Permalink
Report unsoundness of xous (#2179)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shinmao
shinmao authored Dec 28, 2024
1 parent bac14a9 commit 8e49577
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions crates/xous/RUSTSEC-0000-0000.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "xous"
date = "2024-12-23"
url = "https://github.com/betrusted-io/xous-core/issues/410"
references = ["https://github.com/betrusted-io/xous-core/pull/411"]
categories = []
keywords = []
informational = "unsound"

[versions]
patched = [">= 0.9.51"]

[affected]
functions = {"xous::definitions::MemoryRange::as_slice" = ["< 0.9.51"], "xous::definitions::MemoryRange::as_slice_mut" = ["< 0.9.51"]}
```

# Unsound usages of `core::slice::from_raw_parts`

We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger unsoundness in `as_slice`. With new declared as unsafe, `as_slice` should also declared as unsafe.

This was patched in by marking two functions as `unsafe`.

0 comments on commit 8e49577

Please sign in to comment.