Crate cve_rs

So far, all our bugs are implemented using a single soundness hole in the Rust compiler.

The explanation is detailed in the lifetime_expansion module.

Re-exports

• pub use buffer_overflow::buffer_overflow;
• pub use segfault::segfault;
• pub use transmute::transmute;
• pub use use_after_free::use_after_free;
• pub use references::not_alloc;
• pub use references::null;
• pub use references::null_mut;
• pub use lifetime_expansion::*;

Modules

• buffer_overflow
  A memory-safe buffer overflow.
• lifetime_expansion
  Domain expansion: 'static lifetime
• references
  Reimplementations of std::ptr::null() and std::ptr::null_mut(), with safe code only. Relies on [crate::transmute] under the hood.
• segfault
  A 100% memory-safe segmentation fault.
• transmute
  An 100% memory-safe implementation of std::mem::transmute.
• use_after_free
  Behold, a perfectly memory-safe use-after-free!

Functions

• construct_fake_string
  Construct a String from a pointer, capacity and length, in a completely safe manner.