OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 09:36:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for unsoundness in intaglio symbol interners (#1732)

Browse Source 
See:

- https://github.com/artichoke/intaglio/issues/235
- https://github.com/artichoke/intaglio/pull/236
- https://github.com/artichoke/intaglio/releases/tag/v1.9.0
This commit is contained in:
Ryan Lopopolo
2023-07-26 15:11:22 -07:00
committed by GitHub
parent 4aa517564d
commit 3cf8a9354f
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
crates/intaglio/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,27 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "intaglio"
date = "2023-07-26"
url = "https://github.com/artichoke/intaglio/pull/236"
references = [
"https://github.com/artichoke/intaglio/issues/235",
"https://github.com/artichoke/intaglio/pull/236",
"https://github.com/artichoke/intaglio/releases/tag/v1.9.0",
]
informational = "unsound"
[affected]
functions = { "intaglio::SymbolTable::intern" = ["< 1.9.0"], "intaglio::bytes::SymbolTable::intern" = ["< 1.9.0"], "intaglio::cstr::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"], "intaglio::osstr::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"], "intaglio::path::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"] }
[versions]
patched = [">= 1.9.0"]
```
# Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating
references to interned contents. All interner types are affected.
The flaw was corrected in version 1.9.0 by reordering move and borrowing
operations and storing interned contents by raw pointer instead of as a `Box`.