From 41cc7a12a2d0b47bc4523a8e2914965de442c2dc Mon Sep 17 00:00:00 2001 From: David Tolnay Date: Wed, 20 Dec 2023 14:32:37 -0800 Subject: [PATCH] Unaligned write in unsafe-libyaml (#1841) --- crates/unsafe-libyaml/RUSTSEC-0000-0000.md | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 crates/unsafe-libyaml/RUSTSEC-0000-0000.md diff --git a/crates/unsafe-libyaml/RUSTSEC-0000-0000.md b/crates/unsafe-libyaml/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..314d6df --- /dev/null +++ b/crates/unsafe-libyaml/RUSTSEC-0000-0000.md @@ -0,0 +1,31 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "unsafe-libyaml" +date = "2023-12-20" +url = "https://github.com/dtolnay/unsafe-libyaml/issues/21" +informational = "unsound" +keywords = ["unaligned-write"] + +[versions] +patched = [">= 0.2.10"] +``` + +# Unaligned write of u64 on 32-bit and 16-bit platforms + +Affected versions allocate memory using the alignment of `usize` and write data +to it of type `u64`, without using `core::ptr::write_unaligned`. In platforms +with sub-64bit alignment for `usize` (including wasm32 and x86) these writes +are insufficiently aligned some of the time. + +If using an ordinary optimized standard library, the bug exhibits Undefined +Behavior so may or may not behave in any sensible way, depending on +optimization settings and hardware and other things. If using a Rust standard +library built with debug assertions enabled, the bug manifests deterministically +in a crash (non-unwinding panic) saying _"ptr::write requires that the pointer +argument is aligned and non-null"_. + +No 64-bit platform is impacted by the bug. + +The flaw was corrected by allocating with adequately high alignment on all +platforms.
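Review bot: The `[versions]` table only carries `patched = [">= 0.2.10"]`, and the body says "Affected versions" without naming a range, so every release below 0.2.10 will be reported as affected. If the usize-aligned allocation was introduced after the first release, add an `unaffected` range. Otherwise say in the prose that all earlier versions are affected. The platform scope ("No 64-bit platform is impacted") also lives only in the body. Recording it under an `[affected]` table with an `arch` list would let tooling skip the advisory on 64-bit targets, provided the affected targets can be enumerated there. Wording nits in the second paragraph: "In platforms with sub-64bit alignment" reads better as "On platforms where `usize` has less than 64-bit alignment", and "some of the time" could state the condition, namely that the write is misaligned whenever the allocation happens to land on an address that is not a multiple of 8.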