Merge pull request #860 from ammaraskar/reorder

Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
2026-01-06 03:29:45 +01:00 · 2021-03-31 13:29:33 +02:00
parent 66a13ee850 7b3ef9f3a5
commit 09466c5095
1 changed files with 28 additions and 0 deletions
--- a/crates/reorder/RUSTSEC-0000-0000.md
+++ b/crates/reorder/RUSTSEC-0000-0000.md
@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "reorder"
+date = "2021-02-24"
+url = "https://github.com/tiby312/reorder/issues/1"
+keywords = ["memory-corruption", "out-of-bounds"]
+
+[versions]
+patched = []
+```
+
+# swap_index can write out of bounds and return uninitialized memory
+
+`swap_index` takes an iterator and swaps the items with their corresponding
+indexes. It reserves capacity and sets the length of the vector based on the
+`.len()` method of the iterator.
+
+If the `len()` returned by the iterator is larger than the actual number of
+elements yielded, then `swap_index` creates a vector containing uninitialized
+members. If the `len()` returned by the iterator is smaller than the actual
+number of members yielded, then `swap_index` can write out of bounds past
+its allocated vector.
+
+As noted by the Rust documentation, [`len()`](https://doc.rust-lang.org/std/iter/trait.ExactSizeIterator.html#method.len)
+and `size_hint()` are primarily meant for optimization and incorrect values
+from their implementations should not lead to memory safety violations.
+