From 36fb0b786c690f84e68d91bf250e3dbfa120e2a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Fri, 24 Jul 2020 19:10:30 +0200 Subject: [PATCH] Add advisory for traitobject (#308) Co-authored-by: Tony Arcieri --- crates/traitobject/RUSTSEC-0000-0000.toml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 crates/traitobject/RUSTSEC-0000-0000.toml diff --git a/crates/traitobject/RUSTSEC-0000-0000.toml b/crates/traitobject/RUSTSEC-0000-0000.toml new file mode 100644 index 0000000..f2ea6c4 --- /dev/null +++ b/crates/traitobject/RUSTSEC-0000-0000.toml @@ -0,0 +1,23 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "traitobject" +date = "2020-06-01" +title = "traitobject assumes assumes the layout of fat pointers" +url = "https://github.com/reem/rust-traitobject/issues/7" +informational = "unsound" +categories = ["memory-corruption"] +description = """ +This crate gets the data pointer from fat pointers assuming that the first +element in a fat pointer is the data pointer. This is currently true, but +it may change in a future Rust version, leading to memory corruption. + +This has been fixed in the master branch of the crate, but is has not +been released into crates.io. +""" + +[affected.functions] +"traitobject::data" = [] +"traitobject::data_mut" = [] + +[versions] +patched = []