From 23ff35f8259aca16ff14e4ce0da0f54cd496a26c Mon Sep 17 00:00:00 2001 From: Max Ammann Date: Thu, 13 Apr 2023 13:43:33 -0400 Subject: [PATCH] Fix typos in RUSTSEC-2023-0033 (#1685) * Fix typos in RUSTSEC-2023-0033.md * Update RUSTSEC-2023-0033.md --- crates/borsh/RUSTSEC-2023-0033.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crates/borsh/RUSTSEC-2023-0033.md b/crates/borsh/RUSTSEC-2023-0033.md index 467e3de..b4d80ba 100644 --- a/crates/borsh/RUSTSEC-2023-0033.md +++ b/crates/borsh/RUSTSEC-2023-0033.md @@ -15,8 +15,11 @@ patched = [] # Parsing borsh messages with ZST which are not-copy/clone is unsound -Affected versions of borsh cause undefined behaviour when zero-sized-types (ZST) are parsed and the Copy/Clone traits are not implemented/derived. -For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy (this can be achieved through a a singleton), -then accessing/writing to deserialized data will cause a segmentation fault. +Affected versions of borsh cause undefined behavior when zero-sized-types (ZST) +are parsed and the Copy/Clone traits are not implemented/derived. +For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy +(this can be achieved through a singleton), then accessing/writing to deserialized +data will cause a segmentation fault. -There is currently no way for borsh to read data without also providing a Rust type. Therefore, it there are not ZST used for serialization, then you are not affected by this issue. +There is currently no way for borsh to read data without also providing a Rust type. +Therefore, if not ZST are used for serialization, then you are not affected by this issue.