Hi there!
We scanned the most popular libraries on crates.io and found some memory safety bugs in this library.
PoC
use std::os::unix::io::RawFd;
fn main() {
// Any fd value triggers the UB because mem::uninitialized::<Termios>() is executed
// unconditionally before the tcgetattr OS call result is checked.
let fd: RawFd = -1;
// Safe public API call that triggers the crate's internal unsafe `mem::uninitialized()`.
let _ = termios::Termios::from_fd(fd);
}Miri Output
error: Undefined Behavior: constructing invalid value at .inner.c_iflag: encountered uninitialized memory, but expected an integer
--> /home/ccuu/Desktop/llm-detector/experiments/cache/crates_src/termios/0.3.3/termios-0.3.3/src/lib.rs:195:36
|
195 | let mut termios = unsafe { mem::uninitialized() };
| ^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `termios::Termios::from_fd` at /home/ccuu/Desktop/llm-detector/experiments/cache/crates_src/termios/0.3.3/termios-0.3.3/src/lib.rs:195:36: 195:56
note: inside `main`
--> src/main.rs:13:13
|
13 | let _ = termios::Termios::from_fd(fd);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error
Hi there!
We scanned the most popular libraries on crates.io and found some memory safety bugs in this library.
PoC
Miri Output