Fix Rust enum repr qualification #177
Memory corruption is potentially a security issue. I've only skimmed the code, but it seems that a buffer overflow could happen because of incorrect in-memory representation of a field affecting the amount of memory to operate on.
Please add this issue to the Rust security advisory database so people could check if they're running a vulnerable version and upgrade.
@Shnatsel Thank you for sharing it.
I am not quite sure how to present this as per the rust-sec template because it doesn't ask at which version of Rust the issue starts to appear.
As per the investigation reported on #176, there doesn't seem to be any issue on crate versions 3.5.0 or earlier with Rust 1.27 or earlier. The issue appears from Rust 1.28 and as per Rust's 1.28.0 release notes, it is the version where
What do you think of this scenario?
@9prady9 is correct: we presently have no way to file advisories which only apply to certain Rust versions.
Failing that however, you can just file the advisory for all impacted versions of the crate, regardless of the Rust version. Users of Rust versions older than 1.28 may see a "false positive", but since it seems to impact all versions going forward I'm not sure how much that matters.