Soundess bug: `&mut` reference exposes uninitialized bytes

These lines in `unsafe fn do_resolve` convert a `&mut [u8; _]` to a `&mut SYMBOL_INFOW`:

https://github.com/rust-lang/backtrace-rs/blob/b65ab935fb2e0d59dba8966ffca09c9cc5a5f57c/src/symbolize/dbghelp.rs#L226-L227

The `SYMBOL_INFOW` type [has inter-field padding](https://play.rust-lang.org/?version=stable&mode=debug&edition=2024&gist=47bced6ac66395875c18a921c258dde2), which means that this `&mut SYMBOL_INFOW` could be used to write uninit bytes which would be exposed by the underlying `[u8; _]`.

Note that the `&mut SYMBOL_INFOW` is passed to an external function:

https://github.com/rust-lang/backtrace-rs/blob/b65ab935fb2e0d59dba8966ffca09c9cc5a5f57c/src/symbolize/dbghelp.rs#L234

`sym_from_addr` is an argument to this function:

https://github.com/rust-lang/backtrace-rs/blob/b65ab935fb2e0d59dba8966ffca09c9cc5a5f57c/src/symbolize/dbghelp.rs#L221

Any call to `do_resolve` which passes a `sym_from_addr` argument which writes to these padding locations would cause undefined behavior.

I would recommend modifying `SYMBOL_INFOW` with [explicit padding fields](https://play.rust-lang.org/?version=stable&mode=debug&edition=2024&gist=32f8dde82e9cf539bc3f151db744ca16) to mitigate this problem.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Soundess bug: `&mut` reference exposes uninitialized bytes #720

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	let mut data = Aligned8([0u8; SIZE]);
	let info = unsafe { &mut *data.0.as_mut_ptr().cast::<SYMBOL_INFOW>() };

Soundess bug: &mut reference exposes uninitialized bytes #720

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Soundess bug: `&mut` reference exposes uninitialized bytes #720