Lokathor / safe_arch

Exposes arch-specific intrinsics as safe function (via cfg).
https://docs.rs/safe_arch
Apache License 2.0
48 stars 8 forks

Unsound usages of unsafe implementation from `i64` to `__m128i` #116

Closed llooFlashooll closed 2 months ago

llooFlashooll commented 2 months ago

Hi, I am scanning safe_arch in its latest version with my own static analyzer tool.

Unsafe conversion found at: src/runtime.rs#L506

#[inline(always)]
#[allow(clippy::cast_ptr_alignment)]
#[cfg_attr(docsrs, doc(cfg(target_feature = "sse2")))]
pub fn store_i64_m128i_s(r: &mut i64, a: m128i) {
  unsafe { _mm_storel_epi64(r as *mut i64 as *mut __m128i, a.0) }
}

This unsound implementation would create misalignment issues if the type size of i64 is smaller than the type size of __m128i.

This would potentially cause undefined behavior in Rust. If we further manipulate the problematic converted types, it could lead to different consequences such as out-of-bounds access. I am reporting this issue for your attention.

Lokathor commented 2 months ago

That's not how the _mm_storel_epi64 intrinsic works. It doesn't store the entire m128i, it only stores the lower 64 bits.
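An added illustration of the point above (example code written for this thread, not safe_arch's own): the i64 destination is placed between two sentinel i64 fields, a vector with a distinct high lane is stored through a pointer to the middle field, and the neighbours are checked afterwards. It assumes an x86_64 target with SSE2 and uses the raw `__m128i` type instead of the crate's `m128i` wrapper.

```rust
// Added example (not safe_arch's code): _mm_storel_epi64 writes only the low
// 64-bit lane, so a `*mut i64` destination is the right size for it.
#[cfg(target_arch = "x86_64")]
use core::arch::x86_64::{__m128i, _mm_set_epi64x, _mm_storel_epi64};

/// Three adjacent i64 slots; the store is aimed at `mid`, so a write of
/// more than 8 bytes would be visible in `hi`.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Guarded {
    pub lo: i64,
    pub mid: i64,
    pub hi: i64,
}

/// Mirrors safe_arch's `store_i64_m128i_s`, taking a raw `__m128i`.
#[cfg(target_arch = "x86_64")]
#[allow(clippy::cast_ptr_alignment)]
pub fn store_low_lane(r: &mut i64, a: __m128i) {
    // SAFETY: `r` is a valid, 8-byte-aligned i64. _mm_storel_epi64 (MOVQ)
    // writes exactly the low 64 bits and does not need 16-byte alignment.
    unsafe { _mm_storel_epi64(r as *mut i64 as *mut __m128i, a) }
}

/// Stores `low` into the middle slot via the intrinsic and returns the
/// whole struct so the caller can inspect the neighbouring fields.
#[cfg(target_arch = "x86_64")]
pub fn store_into_middle(low: i64) -> Guarded {
    // Constructed sentinel values; none of them appears in the vector's low lane.
    let mut g = Guarded { lo: 0x1111_1111_1111_1111, mid: 0, hi: 0x3333_3333_3333_3333 };
    // High lane holds a value that would show up in `hi` if 16 bytes were written.
    let v = unsafe { _mm_set_epi64x(0x7777_7777_7777_7777, low) };
    store_low_lane(&mut g.mid, v);
    g
}

fn main() {
    #[cfg(target_arch = "x86_64")]
    {
        let g = store_into_middle(0x2222_2222_2222_2222);
        println!("{g:x?}");
        assert_eq!(g.hi, 0x3333_3333_3333_3333); // neighbour untouched
    }
}
```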