From 9e0c88bd78c460e0f40f0ae8a5cd31b4621b6073 Mon Sep 17 00:00:00 2001 From: Andrew Lamb Date: Fri, 24 Jun 2022 10:17:18 -0400 Subject: [PATCH] Clarify flatbuffers RUSTSEC-2021-0122.md (#1268) It may be hard for non Rust experts to understand what the implications of "is `unsafe` but not marked as such" means I propose adding some more supporting information --- crates/flatbuffers/RUSTSEC-2021-0122.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crates/flatbuffers/RUSTSEC-2021-0122.md b/crates/flatbuffers/RUSTSEC-2021-0122.md index c56e594..ecce190 100644 --- a/crates/flatbuffers/RUSTSEC-2021-0122.md +++ b/crates/flatbuffers/RUSTSEC-2021-0122.md @@ -15,6 +15,10 @@ patched = [] Code generated by flatbuffers' compiler is `unsafe` but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. +For example, if generated code is used to decode malformed or untrusted input +undefined behavior (and thus security vulnerabilities) are possible even without +the use of the `unsafe` keyword, [violating the the meaning of `safe`](https://doc.rust-lang.org/std/keyword.unsafe.html#the-different-meanings-of-unsafe) code; + All users that use generated code by `flatbuffers` compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit their code and look for any usage of `follow`, `push`, or any method that uses them
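Review bot: the added paragraph in the `@@ -15,6 +15,10 @@` hunk has a doubled word ("the the meaning of `safe`"), a missing comma after "untrusted input", a subject/verb mismatch ("undefined behavior ... are possible"), and ends with a semicolon where a full stop is needed before the "All users ..." paragraph. Suggest: "For example, if generated code is used to decode malformed or untrusted input, undefined behavior (and thus security vulnerabilities) is possible even without the use of the `unsafe` keyword, [violating the meaning of `safe`](https://doc.rust-lang.org/std/keyword.unsafe.html#the-different-meanings-of-unsafe) code." Otherwise the clarification reads well and the link to the Rust reference on the meanings of `unsafe` is a useful pointer for readers unfamiliar with Rust's soundness guarantees.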