OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 08:13:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Report out-of-bounds write in stackvec

Browse Source
This commit is contained in:
Ammar Askar
2021-03-29 09:47:23 -07:00
parent ca8a60b7be
commit d93ffb22ef
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
crates/stackvector/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,22 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "stackvector"
date = "2021-02-19"
url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2"
categories = ["memory-corruption"]
[versions]
patched = []
```
# StackVec::extend can write out of bounds when size_hint is incorrect
`StackVec::extend` used the lower and upper bounds from an Iterator's
`size_hint` to determine how many items to push into the stack based vector.
If the `size_hint` implementation returned a lower bound that was larger than
the upper bound, `StackVec` would write out of bounds and overwrite memory
on the stack. As mentioned by the [size_hint](https://doc.rust-lang.org/std/iter/trait.Iterator.html#provided-methods)
documentation, `size_hint` is mainly for optimization and incorrect
implementations should not lead to memory safety issues.