Closed c4-bot-5 closed 6 months ago
141345 marked the issue as duplicate of #80
141345 marked the issue as not a duplicate
141345 marked the issue as sufficient quality report
seems invalid
This is an unsafe function. As the comment said:
/// # Safety
///
/// The caller should make sure the pointers are valid and non-null.
kvinwang (sponsor) disputed
OpenCoreCH marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/capi/mod.rs#L18-L30
Vulnerability details
Impact
The function __pink_runtime_init dereferences a raw pointer (config) without prior validation to ensure that it is not null. This operation occurs within an unsafe block, which indicates the bypassing of Rust's safety guarantees. The lack of a null pointer check before dereferencing poses a significant risk of undefined behavior, which can lead to runtime crashes or memory corruption.
Dereferencing a null pointer can lead to undefined behavior, including segmentation faults, crashes and potential memory corruption. This could compromise the integrity and reliability of the runtime, potentially affecting all operations relying on this initialization process. The vulnerability can cause incorrect or malicious input where config is a null pointer. Failures in ensuring that all external calls to __pink_runtime_init validate pointers before passing them to the function.
Tools Used
MANUAL REVIEW
Recommended Mitigation Steps
NEED to validate all raw pointers for nullity before dereferencing them
Assessed type
Other
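The two positions in this thread, shown side by side as an added example that is not code from the Phala repository or from the report: an `unsafe` function that relies on its `# Safety` contract, and a variant that rejects null with an error code. `Config`, its fields, the `INIT_*` codes and both function names are hypothetical.

```rust
use std::ptr;

/// Hypothetical config passed across the C ABI (not the project's real struct).
#[repr(C)]
pub struct Config {
    pub version: u32,
    pub flags: u32,
}

pub const INIT_OK: i32 = 0;
pub const INIT_ERR_NULL: i32 = -1;
pub const INIT_ERR_VERSION: i32 = -2;

/// Contract style: pointer validity is the caller's obligation.
/// # Safety
/// The caller should make sure the pointers are valid and non-null.
pub unsafe extern "C" fn init_by_contract(config: *const Config, out_flags: *mut u32) -> i32 {
    // Direct dereference: a null `config` here is undefined behavior.
    let cfg = unsafe { &*config };
    unsafe { *out_flags = cfg.flags };
    INIT_OK
}

/// Defensive style: null becomes an error code instead of undefined behavior.
/// # Safety
/// Non-null pointers must still be aligned and point to live, initialized
/// memory; a null check cannot detect dangling or misaligned pointers.
pub unsafe extern "C" fn init_checked(config: *const Config, out_flags: *mut u32) -> i32 {
    // `as_ref` / `as_mut` return None for null, Some(reference) otherwise.
    let (Some(cfg), Some(out)) = (unsafe { config.as_ref() }, unsafe { out_flags.as_mut() }) else {
        return INIT_ERR_NULL;
    };
    if cfg.version != 1 {
        return INIT_ERR_VERSION; // constructed rule: only version 1 is accepted
    }
    *out = cfg.flags;
    INIT_OK
}

fn main() {
    let cfg = Config { version: 1, flags: 0b101 }; // constructed sample input
    let mut flags = 0u32;
    unsafe {
        assert_eq!(init_checked(ptr::null(), &mut flags), INIT_ERR_NULL);
        assert_eq!(init_checked(&cfg, &mut flags), INIT_OK);
    }
    println!("flags = {flags:#b}");
}
```

The checked variant is still an `unsafe fn`: the null check narrows the caller's obligations but does not remove them.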