From 07d7992034075d65ac7191ef93e8da9654670568 Mon Sep 17 00:00:00 2001
From: Christopher Serr <christopher.serr@gmail.com>
Date: Fri, 26 Dec 2025 14:51:23 +0100
Subject: [PATCH] Fix `Process::read_into_uninit_slice` Unsoundness

The lifetime was not properly tied to the buffer passed in, which could
lead to use after free if the returned slice outlived the buffer.
---
 src/runtime/process.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/runtime/process.rs b/src/runtime/process.rs
index ccbfb313..40b1b312 100644
--- a/src/runtime/process.rs
+++ b/src/runtime/process.rs
@@ -339,11 +339,11 @@ impl Process {
     /// of a specific type. The buffer does not need to be initialized. After
     /// the slice successfully got filled, the initialized slice is returned.
     #[inline]
-    pub fn read_into_uninit_slice<T: CheckedBitPattern>(
+    pub fn read_into_uninit_slice<'buf, T: CheckedBitPattern>(
         &self,
         address: impl Into<Address>,
-        slice: &mut [MaybeUninit<T>],
-    ) -> Result<&mut [T], Error> {
+        slice: &'buf mut [MaybeUninit<T>],
+    ) -> Result<&'buf mut [T], Error> {
         // SAFETY: The process handle is guaranteed to be valid. We provide a
         // valid pointer and length to the buffer. We also do proper error
         // handling afterwards. The buffer is guaranteed to be initialized