Please sign in to comment.
tag the first release of the C implementation, c-0.2.0
This release is motivated by a fix for a potential security vulnerability. 421a21a fixes a bug introduced in a1c4c4e. A truncated pointer register led to a segfault on x86-64 under Clang 7 and 8. Clang 9 happens to be unaffected, but the behavior is undefined in general. See also: #60 (comment) The C implementation of BLAKE3 hasn't been formally packaged anywhere, and most callers vendor code from master. This release tag is intended to make the fix above more visible, to encourage callers to update their vendored copies. We will continue to publish tags like this whenever bugs in the C implementation are fixed, or if there are any incompatible API changes. Note that the issue above does not impact callers of the Rust `blake3` crate. The affected file, `blake3_dispatch.c`, is not compiled by that crate in any configuration. It does impact callers of the internal `blake3_c_rust_bindings` crate, but that crate is not published on crates.io and not intended for production use.
- Loading branch information