Report unsoundness and patch in libafl (#2171)

* Report unsoundness and patch in libafl * [libafl] fix error format * Change std::slice to core::slice
rustsec · Dec 22, 2024 · 9e1235a · 9e1235a
1 parent 7c3ff6f
commit 9e1235a
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/crates/libafl/RUSTSEC-0000-0000.md b/crates/libafl/RUSTSEC-0000-0000.md
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libafl"
+date = "2024-12-19"
+url = "https://github.com/AFLplusplus/LibAFL/issues/1526"
+references = ["https://github.com/AFLplusplus/LibAFL/pull/1530"]
+categories = []
+keywords = ["align"]
+informational = "unsound"
+
+[versions]
+patched = [">= 0.11.2"]
+
+[affected]
+functions = {"libafl::observers::map::HitcountsMapObserver::post_exec" = ["< 0.11.2"]}
+```
+
+# Unsound usages of `core::slice::from_raw_parts_mut` 
+
+The library breaks the safety assumptions when using unsafe API `slice::from_raw_parts_mut`. The pointer passed to `from_raw_parts_mut` is misaligned by casting `u8` to `u16` raw pointer directly, which is unsound. The bug is patched by using `align_offset`, which could make sure the memory address is aligned to 2 bytes for `u16`.  
+
+This was patched in 0.11.2 in the [commit](https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d).