PT-2026-40734 · Crates.Io · Accessor

Published 2026-05-02 · Updated 2026-05-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In array::ReadWrite::new() (line 83 of accessor/src/array.rs), let bytes = mem::size_of::<T>() * len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses (e.g. read_volatile_at) lead to undefined behavior or memory corruption.
Note: array::ReadWrite::new() itself is unsafe, so direct triggering requires an unsafe block. However, the integer overflow violates the implicit safety contract expected by callers and can lead to memory corruption downstream.
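The wrap described above, next to a checked size computation, as an added example that is not code from the accessor crate. All function names are hypothetical, and wrapping_mul stands in for the plain `*` so the release-mode result is reproduced in any build profile.

```rust
use std::mem;

/// Models `mem::size_of::<T>() * len` with release-mode semantics made
/// explicit (a plain `*` would panic in a debug build instead of wrapping).
/// Hypothetical helper, not part of the accessor crate.
pub fn bytes_wrapping<T>(len: usize) -> usize {
    mem::size_of::<T>().wrapping_mul(len)
}

/// Hardened variant: returns None when the byte size does not fit in usize,
/// so a constructor can refuse to map instead of mapping a too-small region.
pub fn bytes_checked<T>(len: usize) -> Option<usize> {
    mem::size_of::<T>().checked_mul(len)
}

/// Smallest `len` for which `size_of::<T>() * len` no longer fits in usize.
/// Types of size 0 or 1 can never overflow the product.
pub fn first_overflowing_len<T>() -> Option<usize> {
    match mem::size_of::<T>() {
        0 | 1 => None,
        size => Some(usize::MAX / size + 1),
    }
}

fn main() {
    // Constructed input: the first length that overflows for 8-byte elements.
    let len = first_overflowing_len::<u64>().unwrap();
    println!("len                  = {len:#x}");
    println!("wrapping byte count  = {}", bytes_wrapping::<u64>(len));
    println!("checked byte count   = {:?}", bytes_checked::<u64>(len));

    // A wrapped size is not always zero: for a 3-byte element it is tiny
    // but non-zero, which still leaves almost every index out of bounds.
    let len3 = first_overflowing_len::<[u8; 3]>().unwrap();
    println!("3-byte elems wrap to = {}", bytes_wrapping::<[u8; 3]>(len3));

    // An ordinary length passes the check unchanged.
    println!("16 x u64             = {:?}", bytes_checked::<u64>(16));
}
```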

Related Identifiers

RUSTSEC-2026-0127

Affected Products

Accessor