Add advisory for flatbuffers

2025-12-28 23:36:15 +01:00 · 2020-04-11 13:25:30 +02:00
parent eaa3243b39
commit cbeef93cf0
1 changed files with 31 additions and 0 deletions
--- a/crates/flatbuffers/RUSTSEC-0000-0000.toml
+++ b/crates/flatbuffers/RUSTSEC-0000-0000.toml
@@ -0,0 +1,31 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "flatbuffers"
+date = "2020-04-11"
+title = "`read_scalar` and `read_scalar_at` are unsound`"
+url = "https://github.com/google/flatbuffers/issues/5825"
+description = """
+The `read_scalar` and `read_scalar_at` functions are unsound
+because the allow transmuting values without `unsafe` blocks.
+
+The following example shows how to create a dangling reference:
+
+```
+fn main() {
+    #[derive(Copy, Clone, PartialEq, Debug)]
+    struct S(&'static str);
+    impl flatbuffers::EndianScalar for S {
+        fn to_little_endian(self) -> Self { self }
+        fn from_little_endian(self) -> Self { self }
+    }
+    println!("{:?}", flatbuffers::read_scalar::<S>(&[1; std::mem::size_of::<S>()]));
+}
+```
+"""
+
+[affected.functions]
+"flatbuffers::read_scalar" = []
+"flatbuffers::read_scalar_at" = []
+
+[versions]
+patched = []