Description
Hi, I am scanning this crate in the latest version using my own static analyzer tool.
Unsafe pointer conversion is found at: src/memory/malloc.rs:47
```rust
pub unsafe fn cuda_malloc<T>(count: usize) -> CudaResult<DevicePointer<T>> {
    let size = count.checked_mul(mem::size_of::<T>()).unwrap_or(0);
    if size == 0 {
        return Err(CudaError::InvalidMemoryAllocation);
    }
    let mut ptr: *mut c_void = ptr::null_mut();
    cuda_driver_sys::cuMemAlloc_v2(&mut ptr as *mut *mut c_void as *mut u64, size)?;
    let ptr = ptr as *mut T;
    Ok(DevicePointer::wrap(ptr as *mut T))
}
```

This unsound implementation would create memory issues such as overflow, underflow, or misalignment, since the type is converted from c_void (1 byte, 8 bits) to u64.
Furthermore, the attacker can manipulate the argument count associated with the c_void pointer with a large value, which can lead to a buffer overflow bug. The c_void and the associated count argument are passed through the FFI, which can further corrupt the C/C++ code.
This would cause undefined behavior in Rust. Adversaries can manipulate the type conversion and the associated count argument to cause memory safety bugs. I am reporting this issue for your attention.
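
Added example, not code from the crate or from the issue: a standalone sketch of two checks a reviewer can run against the quoted function, namely what the checked size computation returns for large or zero counts, and whether the `*mut c_void` slot has the size and alignment of the `u64` it is written through. The names `alloc_size`, `slot_matches_u64`, `mock_driver_alloc` and `checked_alloc` are hypothetical, and the mock stands in for the driver call with a constructed address.

```rust
use std::ffi::c_void;
use std::mem::{align_of, size_of};

/// Byte count for `count` elements of T, mirroring the checked_mul + zero
/// check in the quoted function. None means the request is rejected.
fn alloc_size<T>(count: usize) -> Option<usize> {
    match count.checked_mul(size_of::<T>()) {
        Some(0) | None => None, // zero-sized or overflowing request
        Some(n) => Some(n),
    }
}

/// True when a `*mut c_void` slot may be written through a `*mut u64`:
/// the pointer value itself (not its pointee) must match u64 in size
/// and be at least as strictly aligned.
fn slot_matches_u64() -> bool {
    size_of::<*mut c_void>() == size_of::<u64>()
        && align_of::<*mut c_void>() >= align_of::<u64>()
}

/// Hypothetical stand-in for a driver call with a `*mut u64` out-parameter.
unsafe fn mock_driver_alloc(out: *mut u64, _bytes: usize) -> i32 {
    unsafe { out.write(0x7000_0000_1000) }; // constructed device address
    0
}

/// Same shape as the quoted function, with the layout check made explicit.
fn checked_alloc<T>(count: usize) -> Result<*mut T, &'static str> {
    let size = alloc_size::<T>(count).ok_or("invalid allocation size")?;
    if !slot_matches_u64() {
        return Err("pointer slot is not u64-sized on this target");
    }
    let mut ptr: *mut c_void = std::ptr::null_mut();
    let out = &mut ptr as *mut *mut c_void as *mut u64;
    if unsafe { mock_driver_alloc(out, size) } != 0 {
        return Err("driver error");
    }
    Ok(ptr as *mut T)
}

fn main() {
    println!("4 x u32      -> {:?}", alloc_size::<u32>(4));
    println!("MAX x u32    -> {:?}", alloc_size::<u32>(usize::MAX));
    println!("slot matches -> {}", slot_matches_u64());
    println!("alloc        -> {:?}", checked_alloc::<u32>(4));
}
```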