From 5b68bd5a1f120efc661cc5807cbcfd1b37e1ac3c Mon Sep 17 00:00:00 2001
From: HeroicKatora <HeroicKatora@users.noreply.github.com>
Date: Fri, 20 Nov 2020 16:06:26 +0100
Subject: [PATCH] Advisory for image issue 1357 (#488)

---
 crates/image/RUSTSEC-0000-0000.md | 35 +++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 crates/image/RUSTSEC-0000-0000.md

diff --git a/crates/image/RUSTSEC-0000-0000.md b/crates/image/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..75b4343
--- /dev/null
+++ b/crates/image/RUSTSEC-0000-0000.md
@@ -0,0 +1,35 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "image"
+date = "2020-11-12"
+url = "https://github.com/image-rs/image/issues/1357"
+informational = "unsound"
+keywords = ["pointer", "cast", "provenance"]
+
+[versions]
+patched = [">= 0.23.12"]
+
+[affected.functions]
+"image::Bgr::from_slice_mut" = ["< 0.23.12"]
+"image::Bgra::from_slice_mut" = ["< 0.23.12"]
+"image::Luma::from_slice_mut" = ["< 0.23.12"]
+"image::LumaA::from_slice_mut" = ["< 0.23.12"]
+"image::Rgb::from_slice_mut" = ["< 0.23.12"]
+"image::Rgba::from_slice_mut" = ["< 0.23.12"]
+```
+
+# Mutable reference with immutable provenance
+
+A mutable reference to a struct was constructed by dereferencing a pointer
+obtained from `slice::as_ptr`. Instead, `slice::as_mut_ptr` should have been
+called on the mutable slice argument. The former performs an implicit reborrow
+as an immutable shared reference which does not allow writing through the
+derived pointer.
+
+There is no evidence for miscompilation, exploitable or otherwise, caused by
+this bug. [Further investigation on Zulip][Zulip] suggests that the unoptimized
+generated LLVM IR does not contain any UB itself, effectively mitigating
+further effects.
+
+[Zulip]: https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/topic/Implications.20of.20using.20.60slice.3A.3Aas_ptr.60.20for.20mutable.20access/near/216499472