Hi there,
Been seeing that repo with claims that the memory safety guarantees in #rust can be easily circumvented without using unsafe, but I lack the time/energy to look into it in detail. Does any Rust user have a comment on it?
laund
in reply to modulux
if you mean cve-rs, i am friends with the author.
you can create, through a quite complex incantation, a function to confuse the compiler about how long a reference is alive.
the rust compiler understands this core issue and errors about it, but only if you call the function directly. if you then re-assign it as a function pointer, the logic for this function pointer is missing that check. it's highly unlikely to happen normally, but sadly it's very hard to solve too.
laund
in reply to laund
safe to say "easily circumvented" is a misconception because @Speykious and some others made a crate to do it for you (as a meme/joke)
it required hours of fiddling to make it cause issues even somewhat reliably, and it's still easily caught by miri (optional tool to find these kinds of issues, usually used to test unsafe code).
modulux
in reply to laund