Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04M2dnLXB3eGYtanI4Oc4AArqx
`array!` macro is unsound in presence of traits that implement methods it calls internally
Affected versions of this crate called some methods using auto-ref. The affected code looked like this.
let mut arr = $crate::__core::mem::MaybeUninit::uninit();
let mut vec = $crate::__ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T);
In this case, the problem is that as_mut_ptr
is a method of &mut MaybeUninit
, not MaybeUninit
. This made it possible for traits to hijack the method calls in order to cause unsoundness.
trait AsMutPtr<T> {
fn as_mut_ptr(&self) -> *mut T;
}
impl<T> AsMutPtr<T> for std::mem::MaybeUninit<T> {
fn as_mut_ptr(&self) -> *mut T {
std::ptr::null_mut()
}
}
array![0; 1];
The flaw was corrected by explicitly referencing variables in macro body in order to avoid auto-ref.
Permalink: https://github.com/advisories/GHSA-83gg-pwxf-jr89JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04M2dnLXB3eGYtanI4Oc4AArqx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 11 months ago
Identifiers: GHSA-83gg-pwxf-jr89
References:
- https://github.com/rustsec/advisory-db/blob/main/crates/array-macro/RUSTSEC-2020-0161.md
- https://rustsec.org/advisories/RUSTSEC-2020-0161.html
- https://github.com/xfix/array-macro/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d
- https://gitlab.com/KonradBorowski/array-macro/-/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d
- https://github.com/advisories/GHSA-83gg-pwxf-jr89
Blast Radius: 0.0
Affected Packages
cargo:array-macro
Dependent packages: 24Dependent repositories: 232
Downloads: 3,040,824 total
Affected Version Ranges: >= 0.1.2, < 1.0.5
Fixed in: 1.0.5
All affected versions: 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4
All unaffected versions: 0.1.0, 0.1.1, 1.0.5, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8