Multiple unsound problems in bcf crate #459
Comments
After some effort, I managed to get the project up and running, and I think I should be able to confirm that there is indeed an unsound problem.
main.rs:
result:
Maybe the same problem for Line 382 in da6278f,
but I didn't test it, maybe we can also take a look at it ;)
same problem for Line 420 in da6278f
Line 447 in da6278f
Line 477 in da6278f
If there is no external usage for HeaderView, maybe we should mark it as private; at least its field should be marked as private. And add a !null_ptr check in the new method.
ping?
Maybe the same problem for Line 136 in da6278f:
the user can pass a null pointer to this function.
rust-htslib/src/bcf/header.rs
Line 288 in da6278f
Hello, thank you for your contribution to this project. Currently, I'm scanning Rust projects on GitHub, and I noticed the following code.
Since `samples` is a `pub` function, and `inner` is also a `pub` field, `bcf` is also a `pub` mod. So I guess this might mean that the user can manipulate the value of `inner` directly, and if `inner` is set to e.g. a null pointer, it might cause UB.
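
The pattern discussed in this issue, as an added example (not code from rust-htslib): a wrapper that keeps its raw pointer in a private field and rejects null at construction, so a safe method cannot be made to dereference a null pointer. `RawHeader`, `from_raw`, `sample_count` and `n_samples` are hypothetical stand-ins, and marking the constructor `unsafe` is this example's own choice, since a null check alone cannot detect a dangling pointer.

```rust
/// Hypothetical stand-in for the C header struct behind the raw pointer.
#[repr(C)]
pub struct RawHeader {
    pub n_samples: i32,
}

mod header {
    use super::RawHeader;
    use std::ptr::NonNull;

    /// Wrapper whose pointer field is private, so safe code outside this
    /// module cannot overwrite it with null or a dangling address.
    pub struct HeaderView {
        inner: NonNull<RawHeader>,
    }

    impl HeaderView {
        /// Rejects null. `unsafe` because the caller must still guarantee
        /// that a non-null `ptr` points to a live `RawHeader` that outlives
        /// the returned view.
        pub unsafe fn from_raw(ptr: *mut RawHeader) -> Option<Self> {
            NonNull::new(ptr).map(|inner| HeaderView { inner })
        }

        /// Safe to call: `inner` is non-null by construction and its
        /// validity was promised at the `unsafe` constructor.
        pub fn sample_count(&self) -> i32 {
            unsafe { self.inner.as_ref().n_samples }
        }
    }
}
use header::HeaderView;

/// Exercises both paths; returns (null_rejected, count_from_valid_header).
pub fn demo() -> (bool, i32) {
    let null_rejected = unsafe { HeaderView::from_raw(std::ptr::null_mut()) }.is_none();
    let mut raw = RawHeader { n_samples: 3 }; // constructed sample value
    let view = unsafe { HeaderView::from_raw(&mut raw) }.expect("non-null pointer");
    (null_rejected, view.sample_count())
}

fn main() {
    println!("{:?}", demo());
}
```

Outside `mod header`, an expression such as `view.inner = ...` fails to compile, which is the property the `pub` field lacks.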