A showcase of bugs found by this tool through static analysis of Rust codebases. The template of this page is shamelessly stolen from rust-fuzz.
Most of these bugs are not memory-safety issues of the kind commonly seen in C and C++ projects. That is because Rust is memory-safe by default!
Memory-safety issues are marked with a ❗ in the "Memory-safety?" column. Denial-of-service issues, such as panics, are not considered memory-safety issues.
| Crate | Version | Information | Category | Memory-Safety? |
|---|---|---|---|---|
| bitvec | 0.21.1 | division by zero | arith | |
| brotli | 3.3.0 | integer overflow | arith | |
| brotli | 3.3.0 | integer overflow | arith | |
| brotli | 3.3.0 | out of range access | oor | |
| byte-unit | 4.0.10 | integer overflow | arith | |
| bytemuck | 1.5.1-alpha.0 | unreachable code | logic | |
| executable-memory | 0.1.2 | integer overflow | arith | |
| executable-memory | 0.1.2 | segmentation fault | segfault | |
| gmath | 0.1.0 | use after free | uaf | ❗ |
| qrcode-generator | 4.0.4 | integer overflow and out of range access | arith, oor | |
| r1cs | 0.4.7 | division by zero | arith | |
| r1cs | 0.4.7 | out of range access | oor | |
| runes | 0.2.5 | integer overflow | arith | |
| runes | 0.2.5 | division by zero | arith | |
| safe-transmute | 0.11.0 | division by zero | arith | |
| scriptful | 0.2.0 | call to unwrap on None | unwrap | |
| spglib | 1.15.1 | potential double free | df | ❗ |

arith
: Arithmetic error, e.g. overflows

logic
: Logic bug

loop
: Infinite loop

oom
: Out of memory

oor
: Out of range access

segfault
: Program segfaulted

so
: Stack overflow

uaf
: Use after free

df
: Double free

uninit
: Program discloses contents of uninitialized memory

unwrap
: Call to `unwrap` on `None` or `Err(_)`

utf-8
: Problem with UTF-8 string handling, e.g. getting a char not at a char boundary

panic
: A panic not covered by any of the above

other
: Anything that does not fit in another category, or where it is unclear what the problem is