From 9db09cf3a852a92d169399d3067dba193a8c4bab Mon Sep 17 00:00:00 2001 From: davidyo Date: Tue, 27 Dec 2022 18:47:27 +0800 Subject: [PATCH] Add unsound `prettytable-rs` (#1503) * Add unsound information to prettytable-rs * Minor fix Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com> --- crates/prettytable-rs/RUSTSEC-0000-0000.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 crates/prettytable-rs/RUSTSEC-0000-0000.md diff --git a/crates/prettytable-rs/RUSTSEC-0000-0000.md b/crates/prettytable-rs/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..c9f36cd --- /dev/null +++ b/crates/prettytable-rs/RUSTSEC-0000-0000.md @@ -0,0 +1,18 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "prettytable-rs" +date = "2022-12-02" +url = "https://github.com/phsym/prettytable-rs/issues/145" +informational = "unsound" +keywords = ["tab", "table", "format", "pretty", "print"] + +[versions] +patched = [">= 0.10.0"] +``` + +# Force cast a &Vec to &[T] + +In function `Table::as_ref`, a reference of vector is force cast to slice. There are multiple problems here: +1. To guarantee the size is correct, we have to first do `Vec::shrink_to_fit`. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. +2. Even if (1) is sound, `&Vec` and `&[T]` still might not have the same layout. Treating them equally may lead to UB.
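Review bot: The affected function is named only in the prose (`Table::as_ref`) and not in the advisory metadata, so the TOML front matter carries nothing beyond `patched = [">= 0.10.0"]` for tooling to match on; consider adding an `[affected.functions]` entry for `Table::as_ref` so that consumers can tell whether they actually reach the unsound cast. In the same block, `keywords = ["tab", "table", "format", "pretty", "print"]` describes what the crate does rather than the flaw, and terms that describe the unsound cast would make the advisory easier to find. In the description, item 1 ("we have to first do `Vec::shrink_to_fit`") reads as a requirement on the reader; it would be clearer to state that `Table::as_ref` itself casts the shared reference to a mutable one in order to call `Vec::shrink_to_fit`, and that this cast is the undefined behaviour. The title and item 2 write `&Vec` without a type parameter while the slice is written `&[T]`; using `&Vec<T>` in both places would make the layout comparison in item 2 unambiguous.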