Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Validate return value of get_slice in VolatileMemory functions #251

Merged
merged 1 commit into from
Aug 29, 2023
Merged

fix: Validate return value of get_slice in VolatileMemory functions #251

merged 1 commit into from
Aug 29, 2023

Conversation

kalyazin
Copy link

Summary of the PR

An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref} trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice function returns a VolatileSlice whose length is less than the function’s count argument. No implementations of get_slice provided in vm_memory are affected. Users of custom VolatileMemory implementations may be impacted if the custom implementation does not adhere to get_slice's documentation.

This commit fixes this issue by inserting a check that verifies that the VolatileSlice returned by get_slice is of the correct length.

Requirements

Before submitting your PR, please make sure you addressed the following
requirements:

  • All commits in this PR are signed (with git commit -s), and the commit
    message has max 60 characters for the summary and max 75 characters for each
    description line.
  • All added/changed functionality has a corresponding unit/integration
    test.
  • All added/changed public-facing functionality has entries in the "Upcoming
    Release" section of CHANGELOG.md (if no such section exists, please create one).
  • Any newly added unsafe code is properly documented.

@roypat @kalyazin
fix: Validate return value of get_slice in VolatileMemory
6ad15c4 
An issue was discovered in the default implementations of the
VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut,
get_ref, get_array_ref} trait functions, which allows out-of-bounds
memory access if the VolatileMemory::get_slice function returns a
VolatileSlice whose length is less than the function’s count argument.
No implementations of get_slice provided in vm_memory are affected.
Users of custom VolatileMemory implementations may be impacted if the
custom implementation does not adhere to get_slice's documentation.

This commit fixes this issue by inserting a check that verifies that the
VolatileSlice returned by get_slice is of the correct length.

Signed-off-by: Patrick Roy <[email protected]>
@roypat roypat merged commit aff1dd4 into rust-vmm:main Aug 29, 2023
@roypat roypat mentioned this pull request Aug 29, 2023
Closed
@kalyazin kalyazin deleted the get_slice branch August 30, 2023 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JonathanWoollett-Light JonathanWoollett-Light JonathanWoollett-Light approved these changes

@roypat roypat roypat approved these changes

@alexandruag alexandruag Awaiting requested review from alexandruag alexandruag is a code owner

@bonzini bonzini Awaiting requested review from bonzini bonzini is a code owner

@jiangliu jiangliu Awaiting requested review from jiangliu jiangliu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kalyazin @JonathanWoollett-Light @roypat