From 4149849b99427fa26d6ee16b5f180ed80cfa52e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20L=C3=B3pez?= <00xc@protonmail.com>
Date: Mon, 6 Nov 2023 21:43:37 +0100
Subject: [PATCH] fuzz: remove potential undefined behavior in chaos harness
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The chaos harness has a potential UB bug reported by Miri due to mutable pointer aliasing. The `heap` object has a mutable reference to `HEAP_MEM`, which gets invalidated when calculating `remaining_space`, as it does so through a mut pointer. Thus, using `heap` after using the pointer is technically undefined behavior under Rust's aliasing rules. Fix this by taking a const pointer. Note that it is very unlikely this caused any actual issues under the current state of the compiler.

Signed-off-by: Carlos López <00xc@protonmail.com>
---
 fuzz/fuzz_targets/chaos.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fuzz/fuzz_targets/chaos.rs b/fuzz/fuzz_targets/chaos.rs
index 795b211..d2ffa9a 100644
--- a/fuzz/fuzz_targets/chaos.rs
+++ b/fuzz/fuzz_targets/chaos.rs
@@ -82,7 +82,7 @@ fn fuzz(size: u16, actions: Vec) {
 // safety: new heap size never exceeds MAX_HEAP_SIZE
 unsafe {
 let remaining_space = HEAP_MEM
- .as_mut_ptr()
+ .as_ptr()
 .add(MAX_HEAP_SIZE)
 .offset_from(heap.top());
 assert!(remaining_space >= 0);
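Review bot: The `// safety:` comment on the first context line still justifies only the bound on the heap size, while the obligations of this `unsafe` block are that `HEAP_MEM` holds at least `MAX_HEAP_SIZE` elements (so `.add(MAX_HEAP_SIZE)` stays in bounds or one past the end), that `heap.top()` points into the same `HEAP_MEM` allocation (a precondition of `offset_from`), and, the reason for this commit, that obtaining the pointer does not invalidate the `&mut` held by `heap`. I would extend it to `// SAFETY: HEAP_MEM has at least MAX_HEAP_SIZE elements and heap.top() points into it, so add/offset_from stay within one allocation; as_ptr() takes only a shared borrow, so the &mut held by heap is not invalidated.` Note that `HEAP_MEM.as_ptr()` still autorefs a `&HEAP_MEM` before converting to a raw pointer; whether such a shared reborrow is allowed to coexist with a live `&mut` depends on the aliasing model Miri is run under, so `core::ptr::addr_of!(HEAP_MEM)` cast to the element pointer type would avoid materialising any reference and make the argument independent of the model. The enclosing `fuzz` function starts and ends outside the hunk.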