While conducting an internal unsafe review @cramertj found issues in `rust_fuzzer_custom_mutator`:

This function should also be `unsafe` since it makes assumptions about `data`, `size`, and `max_size` when calling `from_raw_parts_mut`. Additionally, as far as I can tell, there is no guarantee here that `data` has been initialized up to `max_size`, so it's not safe to use with `from_raw_parts_mut`, as this would allow the user to read from uninitialized memory. Misoptimizations seem unlikely to be an issue in practice due to the FFI boundary, however.

https://github.com/rust-fuzz/libfuzzer/blob/c9c43f308b98a03b295e6a2e81089950b42c6ee1/src/lib.rs#L464-L485
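The following is an added illustration of the safe pattern the review asks for, not the libfuzzer crate's own code: a hypothetical mutator entry point with libFuzzer's `(data, size, max_size)` shape that views the whole buffer as `MaybeUninit<u8>`, only ever forms a `&mut [u8]` over the `size` bytes the caller guarantees are initialized, and grows the input by writing into the uninitialized tail rather than reading it. The names `custom_mutator_checked` and `flip_one_byte` are assumptions made for the example.

```rust
use std::mem::MaybeUninit;

/// Mutation logic that only ever sees initialized bytes: flip one bit of one
/// byte chosen from `seed`. Constructed for this example.
fn flip_one_byte(buf: &mut [u8], seed: u32) {
    if !buf.is_empty() {
        let i = (seed as usize) % buf.len();
        buf[i] ^= 0x01;
    }
}

/// Hypothetical custom-mutator entry point (not the crate's real function).
/// The whole `max_size` region is viewed as `MaybeUninit<u8>`; a `&mut [u8]`
/// is formed only over the first `size` bytes. Growth writes through
/// `MaybeUninit::write` before the new byte is counted as initialized, so no
/// uninitialized memory is ever read.
///
/// # Safety
/// `data` must be valid for reads and writes of `max_size` bytes for the
/// duration of the call, its first `size` bytes must be initialized, and
/// `size <= max_size`. Returns the new input length.
pub unsafe fn custom_mutator_checked(
    data: *mut u8,
    size: usize,
    max_size: usize,
    seed: u32,
) -> usize {
    if data.is_null() || max_size == 0 {
        return 0;
    }
    assert!(size <= max_size, "size exceeds max_size");
    // Possibly-uninitialized view of the entire buffer: never a `&mut [u8]`.
    let whole: &mut [MaybeUninit<u8>] =
        std::slice::from_raw_parts_mut(data.cast::<MaybeUninit<u8>>(), max_size);
    let (init, tail) = whole.split_at_mut(size);
    // SAFETY: the caller contract states these `size` bytes are initialized.
    let init: &mut [u8] =
        std::slice::from_raw_parts_mut(init.as_mut_ptr().cast::<u8>(), size);
    flip_one_byte(init, seed);
    // Append one byte into the uninitialized tail by writing, not reading.
    match tail.first_mut() {
        Some(slot) => {
            slot.write(seed as u8);
            size + 1
        }
        None => size, // buffer already at max_size: no growth
    }
}
```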