Merge pull request #656 from JOE1994/0085-cdr

cdr: Reading uninitialized memory can cause UB (`Deserializer::read_vec`)
Sergey "Shnatsel" Davidoff
2021-01-24 17:02:17 +01:00
committed by GitHub

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cdr"
date = "2021-01-02"
url = "https://github.com/hrektts/cdr-rs/issues/10"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.2.4"]
```
# Reading uninitialized memory can cause UB (`Deserializer::read_vec`)
`Deserializer::read_vec()` created an uninitialized buffer and passes it to a user-provided `Read` implementation (`Deserializer.reader.read_exact()`).
Passing an uninitialized buffer to an arbitrary `Read` implementation is currently defined as undefined behavior in Rust. Official documentation for the `Read` trait explains the following: "It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit<T>) is not safe, and can lead to undefined behavior."
The flaw was corrected in commit ce310f7 by zero-initializing the newly allocated buffer before handing it to `Deserializer.reader.read_exact()`.
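Review bot: The first sentence of the description (the line starting with `Deserializer::read_vec()`) mixes tenses: "created an uninitialized buffer and passes it". Since `patched = [">= 0.2.4"]` marks the flaw as fixed, use the past tense throughout ("created ... and passed it"). In the quoted `Read` documentation, put `buf` and `MaybeUninit<T>` in backticks, because a markdown renderer can treat the bare `<T>` as an HTML tag and drop it. The fix is cited only as the short hash ce310f7; a full commit URL next to the issue link in `url` would let readers check the zero-initialization change directly.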