fuzz: remove potential undefined behavior in chaos harness

The chaos harness has a potential UB bug reported by Miri due to
mutable pointer aliasing. The `heap` object has a mutable reference
to `HEAP_MEM`, which gets invalidated when calculating
`remaining_space`, as it does so through a mut pointer. Thus, using
`heap` after using the pointer is technically undefined behavior
under Rust's aliasing rules.

Fix this by creating a const pointer via the `addr_of!()` macro.

Note that it is very unlikely this caused any actual issues under the
current state of the compiler.

Signed-off-by: Carlos López <[email protected]>

Author: 00xc

fuzz/fuzz_targets/chaos.rs

@@ -3,7 +3,7 @@ use arbitrary::Arbitrary;
 use libfuzzer_sys::fuzz_target;
 use linked_list_allocator::Heap;
 use std::alloc::Layout;
-use std::ptr::NonNull;
+use std::ptr::{addr_of, NonNull};
 
 #[derive(Debug, Arbitrary)]
 enum Action {
@@ -81,8 +81,8 @@ fn fuzz(size: u16, actions: Vec<Action>) {
             Extend { additional } =>
             // safety: new heap size never exceeds MAX_HEAP_SIZE
             unsafe {
-                let remaining_space = HEAP_MEM
-                    .as_mut_ptr()
+                let remaining_space = addr_of!(HEAP_MEM)
+                    .cast::<u8>()
                     .add(MAX_HEAP_SIZE)
                     .offset_from(heap.top());
                 assert!(remaining_space >= 0);