OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 02:25:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add unsound prettytable-rs (#1503)

Browse Source 
* Add unsound infoirmation to prettytable-rs

* Minor fix

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
This commit is contained in:
davidyo
2022-12-27 18:47:27 +08:00
committed by GitHub
parent 487a60b7a5
commit 9db09cf3a8
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
crates/prettytable-rs/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "prettytable-rs"
date = "2022-12-02"
url = "https://github.com/phsym/prettytable-rs/issues/145"
informational = "unsound"
keywords = ["tab", "table", "format", "pretty", "print"]
[versions]
patched = [">= 0.10.0"]
```
# Force cast a &Vec<T> to &[T]
In function `Table::as_ref`, a reference of vector is force cast to slice. There are multiple problems here:
1. To guarantee the size is correct, we have to first do `Vec::shrink_to_fit`. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB.
2. Even if (1) is sound, `&Vec<T>` and `&[T]` still might not have the same layout. Treating them equally may lead to UB.