From 9611ff4c0e01ca8673a509836e9ac880fffce7e7 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Fri, 14 Aug 2020 21:24:17 +0200 Subject: [PATCH] Added note about invariants, specified resolution --- crates/rgb/RUSTSEC-0000-0000.toml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crates/rgb/RUSTSEC-0000-0000.toml b/crates/rgb/RUSTSEC-0000-0000.toml index f2299c3..2a8d21f 100644 --- a/crates/rgb/RUSTSEC-0000-0000.toml +++ b/crates/rgb/RUSTSEC-0000-0000.toml @@ -10,11 +10,13 @@ description = """ Affected versions of rgb crate allow viewing and modifying data of any type `T` wrapped in `RGB` as bytes, and do not correctly constrain `RGB` and other wrapper structures to the types for which it is safe to do so. -If a type containing padding is wrapped in `RGB` and similar wrapper structures, -viewing it as bytes may lead to exposure of contents of uninitialized memory. +Safety violation possible for a type wrapped in `RGB` and similar wrapper structures: -If a type containing a pointer is wrapped in `RGB` and similar wrapper structures, -modifying it as bytes may lead to dereferencing of arbitrary pointers. + * If `T` contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory. + * If `T` contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers. + * Any safety and/or validity invariants for `T` may be violated. + +The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait. """ [versions] patched = [">= 0.8.20"]