From 17e49c8ced9f386f89fc2c803b00b5f97003eced Mon Sep 17 00:00:00 2001
From: Luke Street
Date: Tue, 21 May 2024 21:36:10 -0600
Subject: [PATCH] Fix heap corruption in Rust bindings

RabbitizerInstruction_getSizeForBuffer and RabbitizerOperandType_getBufferSize return the size _without_ the null terminator, so we need to allocate one more byte to avoid writing past the allocated vector bounds.
---
 rust/src/instruction.rs | 2 +-
 rust/src/opereand_type.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rust/src/instruction.rs b/rust/src/instruction.rs
index d8a81bdf..f300c2a1 100644
--- a/rust/src/instruction.rs
+++ b/rust/src/instruction.rs
@@ -709,7 +709,7 @@ impl Instruction {
 let buffer_size = RabbitizerInstruction_getSizeForBuffer(self, imm_override_len, extra_l_just);
- let mut buffer: Vec = vec![0; buffer_size];
+ let mut buffer: Vec = vec![0; buffer_size + 1];
 let disassembled_size = RabbitizerInstruction_disassemble(
 self,
 buffer.as_mut_ptr() as *mut core::ffi::c_char,
diff --git a/rust/src/opereand_type.rs b/rust/src/opereand_type.rs
index 1935d832..fc9c5e92 100644
--- a/rust/src/opereand_type.rs
+++ b/rust/src/opereand_type.rs
@@ -30,7 +30,7 @@ impl operand_type_enum::OperandType {
 unsafe {
 let buffer_size = RabbitizerOperandType_getBufferSize(*self, instr, imm_override_len);
- let mut buffer: Vec = vec![0; buffer_size];
+ let mut buffer: Vec = vec![0; buffer_size + 1];
 let disassembled_size = RabbitizerOperandType_disassemble(
 *self,
 instr,
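Review bot: The `+ 1` on the new `let mut buffer: Vec = vec![0; buffer_size + 1];` line in rust/src/instruction.rs encodes a contract of the C side (the size helper reports the length without the NUL that the disassembler then writes) that nothing in the Rust code states or checks, so a later change to either FFI function would reintroduce the overrun silently, since the write goes through a raw pointer the borrow checker cannot bound. A comment on that line, `// The C size helper excludes the NUL terminator that disassemble writes; reserve one extra byte.`, plus a check after the FFI call, `debug_assert!(disassembled_size <= buffer_size, "disassembler wrote past the reported size");`, would document the invariant and catch a mismatch in debug builds. The identical line in the rust/src/opereand_type.rs hunk needs the same treatment. The enclosing methods start and end outside both hunks, so how `disassembled_size` is later used to truncate the buffer is not visible here.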