From abb3e7f4299bc6b3b3819f24c85e4604848a1c91 Mon Sep 17 00:00:00 2001 From: Chris Martin Date: Wed, 7 May 2025 11:20:03 -0400 Subject: [PATCH] Fix UB in Linux mem reader --- src/linux/mem_reader.rs | 42 ++++------------------------------------- 1 file changed, 4 insertions(+), 38 deletions(-) diff --git a/src/linux/mem_reader.rs b/src/linux/mem_reader.rs index 9d04285d..f8e4a040 100644 --- a/src/linux/mem_reader.rs +++ b/src/linux/mem_reader.rs @@ -99,44 +99,10 @@ impl MemReader { src: usize, length: std::num::NonZeroUsize, ) -> Result, CopyFromProcessError> { - let length = length.into(); - let layout = - std::alloc::Layout::array::(length).map_err(|_err| CopyFromProcessError { - child: self.pid.as_raw(), - src, - offset: 0, - length, - source: nix::errno::Errno::EINVAL, - })?; - - // SAFETY: we've guaranteed the layout we're allocating is valid at this point - let output = unsafe { - let ptr = std::alloc::alloc(layout); - if ptr.is_null() { - return Err(CopyFromProcessError { - child: self.pid.as_raw(), - src, - offset: 0, - length, - source: nix::errno::Errno::ENOMEM, - }); - } - std::slice::from_raw_parts_mut(ptr, length) - }; - - match self.read(src, output) { - Ok(read) => { - // SAFETY: we've filled initialized read bytes of our allocation block - unsafe { Ok(Vec::from_raw_parts(output.as_mut_ptr(), read, length)) } - } - Err(err) => { - // SAFETY: the pointer and layout are the same we just allocated - unsafe { - std::alloc::dealloc(output.as_mut_ptr(), layout); - } - Err(err) - } - } + let mut output = vec![0u8; length.into()]; + let bytes_read = self.read(src, &mut output)?; + output.truncate(bytes_read); + Ok(output) } pub fn read(&mut self, src: usize, dst: &mut [u8]) -> Result {