Advisory for image issue 1357 (#488)

2025-12-30 16:24:05 +01:00 · 2020-11-20 16:06:26 +01:00
parent f958b20831
commit 5b68bd5a1f
1 changed files with 35 additions and 0 deletions
--- a/crates/image/RUSTSEC-0000-0000.md
+++ b/crates/image/RUSTSEC-0000-0000.md
@@ -0,0 +1,35 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "image"
+date = "2020-11-12"
+url = "https://github.com/image-rs/image/issues/1357"
+informational = "unsound"
+keywords = ["pointer", "cast", "provenance"]
+
+[versions]
+patched = [">= 0.23.12"]
+
+[affected.functions]
+"image::Bgr::from_slice_mut" = ["< 0.23.12"]
+"image::Bgra::from_slice_mut" = ["< 0.23.12"]
+"image::Luma::from_slice_mut" = ["< 0.23.12"]
+"image::LumaA::from_slice_mut" = ["< 0.23.12"]
+"image::Rgb::from_slice_mut" = ["< 0.23.12"]
+"image::Rgba::from_slice_mut" = ["< 0.23.12"]
+```
+
+# Mutable reference with immutable provenance
+
+A mutable reference to a struct was constructed by dereferencing a pointer
+obtained from `slice::as_ptr`. Instead, `slice::as_mut_ptr` should have been
+called on the mutable slice argument. The former performs an implicit reborrow
+as an immutable shared reference which does not allow writing through the
+derived pointer.
+
+There is no evidence for miscompilation, exploitable or otherwise, caused by
+this bug. [Further investigation on Zulip][Zulip] suggests that the unoptimized
+generated LLVM IR does not contain any UB itself, effectively mitigating
+further effects.
+
+[Zulip]: https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/topic/Implications.20of.20using.20.60slice.3A.3Aas_ptr.60.20for.20mutable.20access/near/216499472