Report uninitialized memory drop on panic in telemetry

2026-01-05 11:10:38 +01:00 · 2021-03-28 23:47:51 -07:00
parent ca8a60b7be
commit e46aa5b08f
1 changed files with 21 additions and 0 deletions
--- a/crates/telemetry/RUSTSEC-0000-0000.md
+++ b/crates/telemetry/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "telemetry"
+date = "2021-02-17"
+url = "https://github.com/Yoric/telemetry.rs/issues/45"
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# misc::vec_with_size() can drop uninitialized memory if clone panics
+
+`misc::vec_with_size` creates a vector of the provided `size` and immediately
+calls `vec.set_len(size)` on it, initially filling it with uninitialized memory.
+It then inserts elements using `vec[i] = value.clone()`.
+
+If the `value.clone()` call panics, uninitialized items in the vector will be
+dropped leading to undefined behavior.