OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
eab0949bf8fc5bacd7443bd0acfbcb4ea994480f
advisory-db/crates/prettytable-rs/RUSTSEC-2022-0074.md
github-actions[bot] 6d5b76eb3b Assigned RUSTSEC-2022-0074 to prettytable-rs (#1505) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-12-27 21:48:04 +11:00

724 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0074"
package = "prettytable-rs"
date = "2022-12-02"
url = "https://github.com/phsym/prettytable-rs/issues/145"
informational = "unsound"
keywords = ["tab", "table", "format", "pretty", "print"]

[versions]
patched = [">= 0.10.0"]

Force cast a &Vec to &[T]

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

  1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB.
  2. Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to UB.