Description
This issue was previously reported privately and is now being disclosed following coordination with maintainers.
BitChunks::new() computes offset + length without overflow checking.
When the sum wraps, bounds validation may be bypassed, leading to an inconsistent internal state.
This can result in a potential out-of-bounds read via safe Rust APIs.
Fix
See PR #9818
Reported by Sungjin Kim (@ksj1230)
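The failure mode described above, as an added example that is not the project's code and not the change in the referenced PR: a simplified model of a bit-range bounds check, showing how a wrapped `offset + length` passes validation and how a `checked_add` version rejects it. The function names and the 8-byte sample buffer are assumptions made for illustration.

```rust
/// Hypothetical unchecked validation. In a release build `offset + len`
/// wraps silently; `wrapping_add` reproduces that wrap deterministically
/// (a debug build would panic on the plain `+` instead).
fn range_fits_unchecked(buffer_bytes: usize, offset: usize, len: usize) -> bool {
    let end_bit = offset.wrapping_add(len);
    end_bit <= buffer_bytes.wrapping_mul(8)
}

/// Hardened validation: any overflow in the arithmetic is treated as
/// out of bounds rather than compared after wrapping.
fn range_fits_checked(buffer_bytes: usize, offset: usize, len: usize) -> bool {
    let total_bits = match buffer_bytes.checked_mul(8) {
        Some(bits) => bits,
        None => return false,
    };
    match offset.checked_add(len) {
        Some(end_bit) => end_bit <= total_bits,
        None => false,
    }
}

fn main() {
    // Constructed sample: an 8-byte buffer, i.e. 64 addressable bits.
    let buffer_bytes = 8;
    let cases = [
        (8usize, 56usize),    // ends exactly at bit 64: valid
        (8, 57),              // ends at bit 65: rejected by both checks
        (usize::MAX - 7, 16), // sum wraps to 8: only the checked form rejects
    ];
    for (offset, len) in cases {
        println!(
            "offset={offset} len={len} unchecked={} checked={}",
            range_fits_unchecked(buffer_bytes, offset, len),
            range_fits_checked(buffer_bytes, offset, len),
        );
    }
}
```

In the last case the unchecked form accepts a range whose stored offset lies far outside the buffer, which is the inconsistent internal state the description refers to.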