Unsound usages of unsafe implementation from T to c_void #1
Description
Hi, I am scanning this crate in the latest version using my own static analyzer tool.
Unsafe pointer conversion is found at: src/ptr.rs:313

```rust
use std::mem;
use std::os::raw::c_void;
// `ffi::pmem_memmove_persist` and `size_t` are the crate's C bindings (not shown here).
pub unsafe fn copy<T>(src: *const T, pmemdest: *mut T, count: usize) {
    let len = mem::size_of::<T>() * count; // unchecked multiplication
    ffi::pmem_memmove_persist(pmemdest as *mut c_void, src as *const c_void, len as size_t);
}
```

This unsound implementation would create memory issues such as overflow, underflow, or misalignment, since the type T is converted to c_void (1 byte, 8 bits).
The original memory size can be larger than the memory pointed to by c_void. Furthermore, the attacker can manipulate the argument count associated with the c_void pointer with a large value, which can lead to a buffer overflow bug. The c_void and the associated count argument are passed through the FFI, which can further corrupt the C/C++ code.
This would cause undefined behavior in Rust. Adversaries can manipulate the type conversion and the associated count argument to cause memory safety bugs. I am reporting this issue for your attention.
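A hardened counterpart to the wrapper quoted above, added here as an example that is not part of this issue or of the crate: the byte length is computed with `checked_mul` so it cannot wrap, and callers pass slices, so the element count is taken from their lengths instead of an arbitrary argument. `memmove_stand_in` is an assumption standing in for `ffi::pmem_memmove_persist` (same dest/src/len shape), since the C library cannot be linked in a stand-alone snippet.

```rust
use std::mem;
use std::os::raw::c_void;

/// Error returned when a requested copy cannot be expressed safely.
#[derive(Debug, PartialEq, Eq)]
pub enum CopyError {
    /// `size_of::<T>() * count` overflowed `usize`.
    LengthOverflow,
    /// Destination slice is shorter than the source slice.
    DestTooShort { src: usize, dest: usize },
}

/// Byte length for `count` elements of `T`, refusing to wrap around.
pub fn byte_len<T>(count: usize) -> Result<usize, CopyError> {
    mem::size_of::<T>()
        .checked_mul(count)
        .ok_or(CopyError::LengthOverflow)
}

/// Stand-in (assumption) for the crate's `ffi::pmem_memmove_persist`:
/// a plain byte move with memmove semantics so the example runs offline.
unsafe fn memmove_stand_in(dest: *mut c_void, src: *const c_void, len: usize) {
    std::ptr::copy(src as *const u8, dest as *mut u8, len);
}

/// Safe wrapper: the count comes from the slices, never from the caller,
/// and the destination is checked to hold all of it before the FFI-style call.
pub fn copy_slice<T: Copy>(src: &[T], dest: &mut [T]) -> Result<usize, CopyError> {
    if dest.len() < src.len() {
        return Err(CopyError::DestTooShort { src: src.len(), dest: dest.len() });
    }
    let len = byte_len::<T>(src.len())?;
    // SAFETY: both slices are valid for `len` bytes (checked above), they cannot
    // alias (`&mut` is exclusive), and `T: Copy` makes a bytewise move valid.
    unsafe {
        memmove_stand_in(
            dest.as_mut_ptr() as *mut c_void,
            src.as_ptr() as *const c_void,
            len,
        );
    }
    Ok(len)
}
```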