compiler_builtins memcpy relying on the heap allocator allocating sizes in multiples of the size of `usize`? (leading to out-of-bounds access if the allocator implementation does not hold to that assumption)

I'm using Rust with KLEE and kept getting an out-of-bounds error in the memcpy of compiler_builtins.

Turns out that compiler_builtins' memcpy copies word by word, and causes an out-of-bounds access if the object size is not a multiple of the size of `usize`.

Relevant compiler_builtins code:

Does Rust assume the allocator implementation aligns the size of the object to size of usize?

NVM. It seems it reads out of bounds, as the comments say, but does not perform an out-of-bounds write.
I'll have to align up the size before calling malloc.

I ended up forcing KLEE to use its own version of memcpy.
I could've also changed KLEE to allocate sizes aligned up to `usize` (for global/stack/heap objects), but then I could miss off-by-one errors.
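The "align up the size before calling malloc" workaround from the second post, written out as an added example (this is not code from the thread or from compiler_builtins): a `GlobalAlloc` wrapper that pads every heap request to a whole number of `usize` words, so a word-wise copy that reads the trailing partial word stays inside the allocation. It assumes `std` and `System` as the underlying allocator; `align_up`, `padded` and `WordPaddedAlloc` are names chosen here.

```rust
// Added example: pad every heap allocation to a multiple of size_of::<usize>()
// so a word-wise memcpy that reads a full final word cannot run past the block.
// Assumes std and the System allocator underneath.
use std::alloc::{GlobalAlloc, Layout, System};
use std::mem::size_of;
use std::ptr;

/// Size of a machine word; a word-wise memcpy reads in units of this size.
pub const WORD: usize = size_of::<usize>();

/// Round `size` up to the next multiple of `align` (a power of two).
/// Returns None if the addition would overflow instead of silently wrapping.
pub fn align_up(size: usize, align: usize) -> Option<usize> {
    debug_assert!(align.is_power_of_two());
    size.checked_add(align - 1).map(|s| s & !(align - 1))
}

/// Layout actually handed to the underlying allocator: size padded to whole
/// words, alignment raised to at least a word so the padded tail is word-addressable.
pub fn padded(layout: Layout) -> Option<Layout> {
    let size = align_up(layout.size(), WORD)?;
    Layout::from_size_align(size, layout.align().max(WORD)).ok()
}

pub struct WordPaddedAlloc;

unsafe impl GlobalAlloc for WordPaddedAlloc {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        match padded(layout) {
            Some(p) => System.alloc(p),
            None => ptr::null_mut(), // report failure rather than under-allocate
        }
    }

    unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 {
        match padded(layout) {
            Some(p) => System.alloc_zeroed(p),
            None => ptr::null_mut(),
        }
    }

    unsafe fn dealloc(&self, p: *mut u8, layout: Layout) {
        // alloc only returned non-null when padding succeeded, so it succeeds again here.
        System.dealloc(p, padded(layout).unwrap())
    }

    unsafe fn realloc(&self, p: *mut u8, layout: Layout, new_size: usize) -> *mut u8 {
        // The old block was padded at alloc time; pad the new size the same way.
        match (padded(layout), align_up(new_size, WORD)) {
            (Some(old), Some(new)) => System.realloc(p, old, new),
            _ => ptr::null_mut(),
        }
    }
}

#[global_allocator]
static GLOBAL: WordPaddedAlloc = WordPaddedAlloc;

fn main() {
    // A 5-byte buffer now lives in an allocation of at least WORD bytes, so a
    // word-wise copy that reads the final partial word as a whole word stays in bounds.
    let src: Vec<u8> = vec![1, 2, 3, 4, 5];
    let mut dst = vec![0u8; 5];
    dst.copy_from_slice(&src);
    let size = padded(Layout::array::<u8>(5).unwrap()).unwrap().size();
    println!("copied {:?}; 5-byte request padded to {} bytes", dst, size);
}
```

This only covers heap objects; stack and global objects are laid out by the compiler, which is why the third post talks about changing KLEE's allocation of all three kinds instead. The caveat from that post applies here too: the padding is exactly the slack that hides a genuine off-by-one read from a checker, so it is a way to get past the memcpy report, not a way to make the analysis stricter.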
