Category: Coding Mistakes

AccountInfo raw pointer has an unclear provenance invariant

Impact: Informational
Severity: Informational
Likelihood: N/A

Description

AccountInfo::data_ptr returns a pointer to the [u8] data stored after the Account structure by deriving it through the AccountInfo struct's raw: *mut Account pointer. For this to be valid, an AccountInfo must always be constructed from a pointer whose provenance includes both the Account and the following [u8] data.

Impact

In the current codebase, every AccountInfo::raw pointer is derived from the entrypoint's input: *mut u8, the original allocation that covers all of the (Account, [u8]) pairs, so this does not currently lead to undefined behavior. However, a future change that violates this invariant may cause the current code to invoke undefined behavior.

Recommendations

The most direct way to represent the trailing [u8] data would be to add a data: [u8] field to Account. This would make Account a dynamically sized type, which would require using ptr::to_raw_parts and ptr::from_raw_parts_mut to convert between a wide pointer to an Account (which has the size in its metadata) and a thin pointer (with the size stored in the Account's data_len).

Alternatively, it can be documented on AccountInfo that the raw pointer used to construct it must be derived from a larger allocation containing both the Account and the data.
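The sketch below is an added example, not code from the audited project: it shows the documented-invariant option, with a constructor that preserves the input buffer's provenance beside one that narrows it to the header. The one-field `Account`, the constructors `from_input` and `from_header_ref`, the body of `data_ptr`, and `demo` are assumptions made for illustration.

```rust
// Added illustration: `Account` is a simplified stand-in, not the project's real layout.
#[repr(C)]
pub struct Account {
    data_len: u64, // `data_len` bytes of account data follow in the same allocation
}

pub struct AccountInfo { raw: *mut Account }

impl AccountInfo {
    /// # Safety
    /// `input` must be 8-byte aligned, point at an initialized `Account` header, and
    /// carry provenance over the header *and* the `data_len` bytes after it.
    pub unsafe fn from_input(input: *mut u8) -> Self {
        // A raw-pointer cast keeps the provenance of the whole input buffer.
        Self { raw: input.cast::<Account>() }
    }

    /// Breaks the invariant (never called here): a pointer derived from `&mut Account`
    /// may only access the 8 header bytes, so `data_mut` on the result would be
    /// undefined behavior although the address is identical.
    pub fn from_header_ref(header: &mut Account) -> Self {
        Self { raw: header as *mut Account }
    }

    pub fn data_ptr(&self) -> *mut u8 {
        // wrapping_add: computing the address is safe; dereferencing it is only
        // sound when `raw` is allowed to access the trailing bytes.
        self.raw.wrapping_add(1).cast::<u8>()
    }

    pub fn data_mut(&mut self) -> &mut [u8] {
        // Sound only under the `from_input` contract.
        unsafe { core::slice::from_raw_parts_mut(self.data_ptr(), (*self.raw).data_len as usize) }
    }
}

/// Constructed input: 8-byte header (data_len = 4), then 4 data bytes and padding.
pub fn demo() -> [u8; 4] {
    let mut input = [4u64, 0]; // u64 backing store keeps the header aligned
    let base = input.as_mut_ptr().cast::<u8>(); // provenance: all 16 bytes
    let mut info = unsafe { AccountInfo::from_input(base) };
    info.data_mut().copy_from_slice(&[1, 2, 3, 4]);
    let tail = input[1].to_ne_bytes();
    [tail[0], tail[1], tail[2], tail[3]]
}

fn main() {
    assert_eq!(demo(), [1, 2, 3, 4]);
}
```

Running a call to `from_header_ref(...).data_mut()` under Miri is one way to confirm that the narrowed provenance is rejected while the `from_input` path passes.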

Remediation

Zellic © 2025