-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug Report: Invalid Input Handling in Scanner::slice
Method
#121
Comments
Thanks for filing this bug, but I am confused why you are looking. Has this impacted you in some way? This is some unreleased hobby code of mine. |
Our group is scanning for bugs arising from unsafe API usage in real-world programs. I have noticed that these three functions may have soundness issues. Given that this is an unsound problem, I intend to report it to RustSec for future Rust safety research.
…---- Replied Message ----
From Evan ***@***.***> Date 11/12/2024 04:34 To ***@***.***> Cc ***@***.***>***@***.***> Subject Re: [evmar/n2] Bug Report: Invalid Input Handling in `Scanner::slice` Method (Issue #121)
Thanks for filing this bug, but I am confused why you are looking. Has this impacted you in some way? This is some unreleased hobby code of mine.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
It seems like you could probably just grep for 'unsafe' and find a lot of this, hah! In case it helps any I view Rust as a language with nice safety defaults, which means I get safety when I'm writing code without thinking about it. But in my hobby code I am not bothered by writing code that is clearly unsafe, as that's only as bad as the C I might have otherwise used. I think in a professional context I would think about it differently. |
Bug Report: Invalid Input Handling in
Scanner::slice
MethodDescription
When using the
Scanner::slice
method, passing an out-of-bounds argument causes the program to panic. This behavior indicates a potential design flaw, as it fails to handle invalid input properly, impacting the stability of the application.PoC
consider the following code:
In my platform, it shows the following result.
Expected Outcome
It is expected that the method handles input errors gracefully instead of panicking. For instance, the function could return a Result type or some other form of error handling.
I notice this PoC causes program aborting without 'unsafe' block, so I think maybe it is a Bug. This panic behavior could lead to program crashes in real applications, Sorry for if I am wrong.
The text was updated successfully, but these errors were encountered: