//! A 100% memory-safe segmentation fault.
//!
//! We use this hole to create a `'static` reference to a dropped (yes, dropped) `Box<Box<u8>>`.
//!
//! The smart pointer exists on the stack, but was dropped, so the reference
//! is borrowing arbitrary data on the stack. We can then fill the stack with zeros, which
//! replaces the smart pointer's address with zero, creating a null reference in safe Rust.
//!
//! By accessing the contents of the pointer, we force Rust to dereference the null pointer,
//! causing a segfault.
//!
//! > **Note:** In theory this should work with a normal box, but in practice Rust reads random
//! > memory instead of segfaulting on a null pointer. We think this is due to compiler
//! > optimisations.

use std::hint::black_box;

use crate::not_alloc;

/// Segfaults the program.
pub fn segfault() -> ! {
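	// Obtain a `'static` reference to a value that has already been dropped.
	let not_my_ref = not_alloc::<u8>();
	// Fill the stack with zeros; `black_box` asks the compiler not to optimise the array away.
	black_box([0; 1024]);
	// Formatting the value forces a read through the stale reference.
	println!("{not_my_ref:?}");

	// Only reached if the read above did not crash the process.
	// WASM. u_u
	unreachable!("Sorry, your platform is too strong.")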
}