Thanks for clarifying. Do you know what the bug is? I’m gathering it’s something to do with enums and boxing to enable a “safe” transmute, but couldn’t make sense of the code.
Scary compiler edge cases with value-type enums aren’t surprising though. Trying to implement that feature with memory safety and high performance sounds like a nightmare.
As far as I understand, the bug basically makes it so you can trick Rust into thinking any lifetime is actually 'static. From that, you can do all kinds of bad stuff.
It’s essentially this issue https://github.com/rust-lang/rust/issues/25860
The code used to exploit the bug in this library is here: https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs