Out-of-bounds read in accessor
Description
Integer overflow in array::ReadWrite::new() leading to potential memory corruption
In `array::ReadWrite::new()` (line 83 of `accessor/src/array.rs`),
`let bytes = mem::size_of::<T>() * len` can overflow `usize` when `len` is
very large. In release mode, this silently wraps, potentially making
`bytes = 0`. The mapper then maps with 0 bytes, and subsequent accesses
(e.g. `read_volatile_at`) lead to undefined behavior or memory corruption.
Note: `array::ReadWrite::new()` itself is `unsafe`, so direct triggering
requires an `unsafe` block. However, the integer overflow violates the
implicit safety contract expected by callers and can lead to memory
corruption downstream.
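
The wrap described above next to a checked size computation, as an added example that is not code from the accessor crate. The function names are hypothetical, `T = u32` and the `len` value are constructed, and `wrapping_mul` stands in for what `*` does in a release build.

```rust
use std::mem;

/// The size computation from the advisory as it behaves in a release build.
/// `wrapping_mul` makes the wrap explicit so the result is the same in any profile.
fn bytes_wrapping<T>(len: usize) -> usize {
    mem::size_of::<T>().wrapping_mul(len)
}

/// Hardened form: a length whose byte size does not fit in `usize` is rejected.
fn bytes_checked<T>(len: usize) -> Result<usize, &'static str> {
    mem::size_of::<T>()
        .checked_mul(len)
        .ok_or("size_of::<T>() * len overflows usize")
}

/// True when element `index` lies entirely inside a mapping of `mapped_bytes` bytes.
fn element_is_mapped<T>(mapped_bytes: usize, index: usize) -> bool {
    index
        .checked_add(1)
        .and_then(|n| n.checked_mul(mem::size_of::<T>()))
        .map_or(false, |end| end <= mapped_bytes)
}

fn main() {
    // Constructed input: for T = u32 (4 bytes), this len makes 4 * len == 2^BITS.
    let len = 1usize << (usize::BITS - 2);

    let mapped = bytes_wrapping::<u32>(len);
    println!("wrapping: len = {len}, bytes mapped = {mapped}");
    // An index check against `len` accepts index 0, yet nothing is mapped there.
    println!(
        "index 0 < len: {}, index 0 mapped: {}",
        0 < len,
        element_is_mapped::<u32>(mapped, 0)
    );

    match bytes_checked::<u32>(len) {
        Ok(b) => println!("checked: {b} bytes"),
        Err(e) => println!("checked: rejected ({e})"),
    }
    // A sane length is unaffected by the check.
    println!("checked, len = 16: {:?}", bytes_checked::<u32>(16));
}
```
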
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version |
|---|---|---|
| cargo | | |
Aliases
References