cve_rs/
segfault.rs

1//! A 100% memory-safe segmentation fault.
2//!
3//! We first use the soundness hole (and our transmute implementation) to create a mutable null reference to a `u8`.
4//! Then, we dereference it to get a segmentation fault!
5
6/// Segfaults the program.
7///
8/// See [`crate::transmute()`]
9pub fn segfault() -> ! {
10	let null = crate::null_mut::<u8>();
11	*null = 42;
12
13	// If null doesn't work, try max. Surely that'll stop it.
14	// Confirmed to be effective on WASM.
15	let max = crate::not_alloc::<u8>();
16	*max = 69;
17
18	unreachable!("Sorry, your platform is too strong.")
19}
20
21#[cfg(test)]
22mod tests {
23	#[test]
24	fn test_segfault() {
25		use std::process::Command;
26		let output = Command::new("cargo")
27			.arg("run")
28			.arg("segfault")
29			.output()
30			.unwrap();
31
32		if output.status.success()
33			|| std::str::from_utf8(&output.stderr)
34				.unwrap()
35				.contains("Sorry, your platform is too strong.")
36		{
37			panic!("Segfault failed to segfault");
38		}
39	}
40}
cve_rs/segfault.rs

cve_rs/
segfault.rs
