From cbeef93cf0065fe89f8e5dbe7fc5ed58c61a202e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= <esm@eduardosm.net>
Date: Sat, 11 Apr 2020 13:25:30 +0200
Subject: [PATCH] Add advisory for flatbuffers

---
 crates/flatbuffers/RUSTSEC-0000-0000.toml | 31 +++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 crates/flatbuffers/RUSTSEC-0000-0000.toml

diff --git a/crates/flatbuffers/RUSTSEC-0000-0000.toml b/crates/flatbuffers/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..cdf5a85
--- /dev/null
+++ b/crates/flatbuffers/RUSTSEC-0000-0000.toml
@@ -0,0 +1,31 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "flatbuffers"
+date = "2020-04-11"
+title = "`read_scalar` and `read_scalar_at` are unsound`"
+url = "https://github.com/google/flatbuffers/issues/5825"
+description = """
+The `read_scalar` and `read_scalar_at` functions are unsound
+because the allow transmuting values without `unsafe` blocks.
+
+The following example shows how to create a dangling reference:
+
+```
+fn main() {
+    #[derive(Copy, Clone, PartialEq, Debug)]
+    struct S(&'static str);
+    impl flatbuffers::EndianScalar for S {
+        fn to_little_endian(self) -> Self { self }
+        fn from_little_endian(self) -> Self { self }
+    }
+    println!("{:?}", flatbuffers::read_scalar::<S>(&[1; std::mem::size_of::<S>()]));
+}
+```
+"""
+
+[affected.functions]
+"flatbuffers::read_scalar" = []
+"flatbuffers::read_scalar_at" = []
+
+[versions]
+patched = []