From 4dd2a55588820eeb6b3e61569a7762ca11e608ac Mon Sep 17 00:00:00 2001 From: Luke Street Date: Wed, 22 May 2024 10:33:15 -0600 Subject: [PATCH] Fix heap corruption in Rust bindings (#62) RabbitizerInstruction_getSizeForBuffer and RabbitizerOperandType_getBufferSize return the size _without_ the null terminator, so we need to allocate one more byte to avoid writing past the allocated vector bounds.
--- rust/src/instruction.rs | 2 +- rust/src/opereand_type.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust/src/instruction.rs b/rust/src/instruction.rs
index d8a81bd..f300c2a 100644
--- a/rust/src/instruction.rs
+++ b/rust/src/instruction.rs
@@ -709,7 +709,7 @@ impl Instruction {
 let buffer_size = RabbitizerInstruction_getSizeForBuffer(self, imm_override_len, extra_l_just);
- let mut buffer: Vec = vec![0; buffer_size];
+ let mut buffer: Vec = vec![0; buffer_size + 1];
 let disassembled_size = RabbitizerInstruction_disassemble( self, buffer.as_mut_ptr() as *mut core::ffi::c_char,
diff --git a/rust/src/opereand_type.rs b/rust/src/opereand_type.rs
index 1935d83..fc9c5e9 100644
--- a/rust/src/opereand_type.rs
+++ b/rust/src/opereand_type.rs
@@ -30,7 +30,7 @@ impl operand_type_enum::OperandType {
 unsafe {
 let buffer_size = RabbitizerOperandType_getBufferSize(*self, instr, imm_override_len);
- let mut buffer: Vec = vec![0; buffer_size];
+ let mut buffer: Vec = vec![0; buffer_size + 1];
 let disassembled_size = RabbitizerOperandType_disassemble( *self, instr,
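Review bot: The `+ 1` on the new `vec![0; buffer_size + 1]` line closes the off-by-one, but the new side still takes the C size estimate entirely on trust: nothing verifies that what RabbitizerInstruction_disassemble actually wrote fits in the allocation, so any future divergence between RabbitizerInstruction_getSizeForBuffer and the writer would corrupt the heap again with no signal. Since `disassembled_size` is already captured on the following context line, add a check immediately after the call, e.g. `assert!(disassembled_size <= buffer_size, "disassembler overran its size estimate");` — it fires after the fact, but it turns a silent overrun into a loud failure in tests and fuzzing (this assumes the return value counts bytes written excluding the terminator; confirm against the C side). The magic constant also deserves a why-comment on the allocation line so it is not "cleaned up" later: `// getSizeForBuffer excludes the trailing NUL that disassemble writes; reserve room for it.` The `Vec` element type appears stripped in this rendering (presumably `Vec<u8>`), and the enclosing method begins and ends outside the hunk, so how the buffer is later truncated to `disassembled_size` is not visible here.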
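Review bot: The new `vec![0; buffer_size + 1]` in opereand_type.rs still relies on RabbitizerOperandType_getBufferSize being a strict upper bound for what RabbitizerOperandType_disassemble writes, and the hunk adds no check on the `disassembled_size` that the next context line receives from the C call. Add `assert!(disassembled_size <= buffer_size, "operand disassembler overran its size estimate");` right after the call so a future mismatch in the C estimate fails loudly instead of silently overrunning the allocation (assuming, as the commit message states for the size functions, that the count excludes the terminator — worth confirming for the return value too). A one-line why-comment on the allocation, `// getBufferSize excludes the NUL terminator; reserve one extra byte for it.`, documents the contract the `+ 1` depends on. The enclosing method starts before this hunk and its tail, where the buffer is presumably converted to a string, is not visible here.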