/*!
```rudra-poc
[target]
crate = "arc-swap"
version = "1.0.0"
indexed_version = "0.4.7"
[report]
issue_url = "https://github.com/vorner/arc-swap/issues/45"
issue_date = 2020-12-09
rustsec_url = "https://github.com/RustSec/advisory-db/pull/530"
rustsec_id = "RUSTSEC-2020-0091"
[[bugs]]
analyzer = "Manual"
guide = "SendSyncVariance"
bug_class = "Other"
rudra_report_locations = []
```
!*/
#![forbid(unsafe_code)]
use arc_swap::access::Map;
use arc_swap::access::{Access, Constant};
/// The only string a [`MemoryChecker`] is ever constructed with.
///
/// The text lives in static storage, so the string data itself cannot be freed.
/// If `validate` ever reports a different pointer or length, the fat pointer was
/// read from storage that no longer holds a live `MemoryChecker`.
static CORRECT_ADDR: &str = "I'm pointing to the correct location!";

/// Canary value used to make a stale reference visible in the program output.
#[derive(Clone)]
struct MemoryChecker {
    /// Invariant: always equal to [`CORRECT_ADDR`] while the checker is alive.
    message: &'static str,
}

impl MemoryChecker {
    /// Builds a checker whose `message` refers to [`CORRECT_ADDR`].
    pub fn new() -> Self {
        Self {
            message: CORRECT_ADDR,
        }
    }

    /// Prints the address and length stored in `message`, then the message itself.
    ///
    /// For a live checker the address and length always match [`CORRECT_ADDR`].
    /// The address/length line comes first so that a corrupted fat pointer is
    /// reported before the second `println!` tries to read through it.
    pub fn validate(&self) {
        let addr: *const str = self.message;
        let len = self.message.len();
        println!("Pointing to {:?}, len {}", addr, len);
        println!("Message: {}", self.message);
    }
}
/// Makes an ordinary call between `map.load()` and the final `validate()` in `main`.
///
/// Judging by its name and message, the purpose is to let this frame (two locals plus
/// the `println!` formatting machinery) reuse stack memory that an earlier call has
/// already released, so that a stale pointer into that region reads different bytes.
/// The function is entirely safe code and has no effect beyond the printed line.
fn overwrite() {
    let first = 123;
    let second = 456;
    println!("Overwriting stack content {} {}", first, second);
}
/// Drives the proof of concept for the arc-swap issue named in the file header
/// (RUSTSEC-2020-0091).
///
/// The crate is built with `#![forbid(unsafe_code)]`, so no statement in this file can
/// break memory safety on its own. Any invalid read seen at the last step therefore
/// comes from `unsafe` code inside the dependency, which is what makes this a soundness
/// bug in the library rather than a misuse by the caller.
///
/// Reading the output: the first `validate()` prints the baseline address and length
/// of `CORRECT_ADDR`. On the affected release the second `validate()` is undefined
/// behaviour, so it may print a different address or length, print garbage, or crash;
/// the exact result depends on compiler, optimisation level and platform. On a release
/// the advisory lists as patched, both calls should print identical lines. Running
/// under Miri should report the invalid read without relying on what the stack
/// happens to contain.
///
/// The statement order below is the whole point of the PoC; do not reorder it.
fn main() {
    let constant = Constant(MemoryChecker::new());
    // Baseline: prints the address/length of the live checker for later comparison.
    constant.0.validate();
    // Wrap the constant in a `Map` whose projection is the identity function, so the
    // projected reference refers to the checker itself.
    let map = Map::new(constant, |checker: &MemoryChecker| checker);
    // Per the original report: after this call the `value` pointer of the returned
    // `MapGuard` points to a stack address that is no longer valid (dangling).
    let loaded = map.load();
    // Unrelated call between the load and the use, so the released stack region gets reused.
    overwrite();
    // Reads `message` through the guard; on the affected release this is a read
    // through the dangling pointer, reached from safe code only.
    loaded.validate();
}