std::shared_ptr serialization asymmetry (depends on memory layout) #636
Comments
This issue has been assigned the following CVE number: CVE-2020-11105
Yeah unfortunately, the control block of Alternatively, one could document that correct usage of Cereal already provides a mechanism to disable or override its own handling of STL types, so the current implementation could be made opt-in rather than opt-out for safety.
Either I am overlooking something or the fix of this problem is quite straightforward, see patch proposal in linked PR #667. My line of thought was the following: Am I right and it is this easy, or am I overlooking something?
I think this makes sense, it should be documented so that users understand how it will affect the lifetime of their smart pointers, but the approach should fix the CVE. I'm kicking myself for not thinking of it sooner!
Cereal employs caching of std::shared_ptr values, using the raw pointer as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout.

Output is:
The input is (true, false) but the output is (true, true).
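The address-reuse behaviour described in this issue, as an added example that is not Cereal's code and not the patch from PR #667. `ModelArchive`, `make_flag` and `round_trip` are hypothetical names, the two-slot pool is a constructed stand-in that makes heap reuse deterministic, and `retain` models an assumed mitigation in which the archive holds a copy of every pointer it has saved (which is why the lifetime of the user's pointers is affected).

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

// Constructed stand-in for the heap: a freed slot is handed out again first,
// the allocator behaviour the issue depends on (made deterministic here).
static bool g_slots[2];
static bool g_used[2] = {false, false};

std::shared_ptr<bool> make_flag(bool v) {
    for (int i = 0; i < 2; ++i) {
        if (g_used[i]) continue;
        g_used[i] = true;
        g_slots[i] = v;
        return std::shared_ptr<bool>(&g_slots[i], [i](bool*) { g_used[i] = false; });
    }
    return std::make_shared<bool>(v);  // pool exhausted: fall back to the real heap
}

// Hypothetical model of an output archive that deduplicates by raw address.
struct ModelArchive {
    bool retain;                                    // true: keep saved pointers alive
    std::map<const void*, std::uint32_t> ids;       // raw address -> object id
    std::vector<std::shared_ptr<const void>> kept;  // owners held until the archive dies
    std::vector<bool> payloads;                     // value written for each new id
    std::vector<std::uint32_t> refs;                // id written for each save() call
    void save(const std::shared_ptr<bool>& p) {
        auto it = ids.find(p.get());
        if (it == ids.end()) {                      // first sighting: write the payload
            it = ids.emplace(p.get(), static_cast<std::uint32_t>(payloads.size())).first;
            payloads.push_back(*p);
            if (retain) kept.push_back(p);          // address cannot be reused while held
        }
        refs.push_back(it->second);                 // otherwise only a back-reference
    }
    std::vector<bool> load() const {                // what a reader would reconstruct
        std::vector<bool> out;
        for (std::uint32_t id : refs) out.push_back(payloads[id]);
        return out;
    }
};

std::vector<bool> round_trip(bool retain) {
    ModelArchive ar{retain, {}, {}, {}, {}};
    { auto a = make_flag(true);  ar.save(a); }      // a is freed here unless retained
    { auto b = make_flag(false); ar.save(b); }      // b may land on a's old address
    return ar.load();
}
```

`round_trip(false)` reproduces the reported result, and `round_trip(true)` returns the values that were actually saved.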