CVE-2020-35894

HIGH 7.5 / 10.0
Published: December 31, 2020 at 10:15 AM
Modified: November 21, 2024 at 05:28 AM
Source: cve@mitre.org

Vulnerability Description

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.

CVSS Metrics

Base Score: 7.5
Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

CVE-2020-35894 exposes a critical vulnerability in the obstack crate for Rust, allowing for the creation of unaligned references. This can lead to memory corruption, potentially enabling attackers to execute arbitrary code or cause a denial-of-service (DoS). Successful exploitation could compromise system integrity and confidentiality.

02 // Vulnerability Mechanism

Step 1: Initialization: The vulnerable obstack crate is initialized within a Rust program.

Step 2: Memory Allocation: The program uses the obstack crate to allocate memory for various data structures.

Step 3: Unaligned Reference Creation: Due to a flaw in the memory allocation logic, the crate creates a reference to a memory address that is not properly aligned (e.g., not a multiple of the required alignment for the data type).

Step 4: Reference Dereferencing: The program attempts to access the data pointed to by the unaligned reference.

Step 5: Hardware Exception/Crash: The CPU detects the unaligned memory access and triggers a hardware exception, leading to a program crash or, in some cases, controlled memory corruption. This could lead to arbitrary code execution or a denial-of-service.

03 // Deep Technical Analysis

The vulnerability stems from the obstack crate's handling of memory allocation and reference creation. Specifically, the crate can generate references to memory addresses that are not properly aligned according to the target architecture's requirements. This can occur during memory allocation and deallocation operations. When an unaligned reference is dereferenced, it can trigger a hardware exception, leading to a crash or, in more complex scenarios, allowing for controlled memory corruption. The root cause is likely a calculation error or a lack of alignment checks within the memory management logic of the obstack crate.
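Added example, not taken from the obstack crate or the advisory: a minimal bump arena that contrasts an offset calculation lacking an alignment step with one that rounds up to `align_of::<T>()`. The names `Chunk`, `Bump`, `reserve_packed`, `reserve_aligned`, `is_aligned` and `demo` are hypothetical, and the code only inspects raw pointer addresses without ever forming a reference from the misaligned one.

```rust
use std::mem::{align_of, size_of};

// Hypothetical bump arena for illustration; this is NOT the obstack crate's code.
// The chunk is 16-byte aligned, so an offset's alignment equals the address's.
#[repr(align(16))]
struct Chunk([u8; 64]);
struct Bump { chunk: Chunk, used: usize }

impl Bump {
    fn new() -> Self { Bump { chunk: Chunk([0; 64]), used: 0 } }

    // Flawed pattern: hands out the next free byte and ignores align_of::<T>().
    // Turning the result into `&mut T` would be undefined behaviour in Rust.
    fn reserve_packed<T>(&mut self) -> Option<*mut T> {
        let start = self.used;
        let end = start.checked_add(size_of::<T>())?;
        if end > self.chunk.0.len() { return None; }
        self.used = end;
        Some(self.chunk.0[start..].as_mut_ptr() as *mut T)
    }

    // Corrected pattern: round the offset up to T's alignment before reserving.
    fn reserve_aligned<T>(&mut self) -> Option<*mut T> {
        let align = align_of::<T>(); // always a power of two
        let start = self.used.checked_add(align - 1)? & !(align - 1);
        let end = start.checked_add(size_of::<T>())?;
        if end > self.chunk.0.len() { return None; }
        self.used = end;
        Some(self.chunk.0[start..].as_mut_ptr() as *mut T)
    }
}

// The check a caller (or a debug assertion) can apply before creating a reference.
fn is_aligned<T>(p: *mut T) -> bool { (p as usize) % align_of::<T>() == 0 }

// Allocates a u8 and then a u64 with each strategy; returns (packed_ok, aligned_ok).
fn demo() -> (bool, bool) {
    let mut a = Bump::new();
    let _ = a.reserve_packed::<u8>();
    let packed = a.reserve_packed::<u64>().unwrap(); // lands at offset 1
    let mut b = Bump::new();
    let _ = b.reserve_aligned::<u8>();
    let aligned = b.reserve_aligned::<u64>().unwrap(); // padded to align_of::<u64>()
    (is_aligned(packed), is_aligned(aligned))
}

fn main() {
    let (packed_ok, aligned_ok) = demo();
    println!("packed u64 aligned: {}, rounded u64 aligned: {}", packed_ok, aligned_ok);
}
```

Running the same allocation sequence under Miri is a practical way to catch this class of bug in a crate's test suite, since Miri reports misaligned references at the point they are created.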
