Added advisory for arrow2::ffi::Ffi_ArrowArray double free (#1204)

* Added advisory for Arrow2 FFI_ArrowArray * add "memory-corruption" category * Fix version Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2025-12-30 08:13:58 +01:00 · 2022-03-04 19:08:01 +01:00
parent 616ecfe7a3
commit 7b3eed6924
1 changed files with 24 additions and 0 deletions
--- a/crates/arrow2/RUSTSEC-0000-0000.md
+++ b/crates/arrow2/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "arrow2"
+date = "2022-03-04"
+url = "https://github.com/jorgecarleitao/arrow2/issues/880"
+categories = ["memory-corruption"]
+
+[versions]
+patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10"]
+```
+
+# Arrow2 allows double free in `safe` code
+
+The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with
+its custom implementation of `Drop`, resulting in a double free when cloned.
+
+Cloning this struct in `safe` results in a segmentation fault, which is unsound.
+
+This derive was removed from this struct. All users are advised to either:
+* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or
+* migrate to a more recent version of  the crate (when using `<0.7`).
+
+Doing so elimitates this vulnerability (code no longer compiles).