From 27aa255f11de30c65647839ab14327c3d9a89e44 Mon Sep 17 00:00:00 2001 From: Kisaragi <48310258+KisaragiEffective@users.noreply.github.com> Date: Wed, 21 Jun 2023 21:23:59 +0900 Subject: [PATCH] Add advisory to `memoffset` (#1721) * Add advisory to `memoffset` * fix invalid category --- crates/memoffset/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 crates/memoffset/RUSTSEC-0000-0000.md diff --git a/crates/memoffset/RUSTSEC-0000-0000.md b/crates/memoffset/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..64ca13e4b --- /dev/null +++ b/crates/memoffset/RUSTSEC-0000-0000.md @@ -0,0 +1,19 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "memoffset" +date = "2023-06-21" +url = "https://github.com/Gilnaa/memoffset/issues/24" +informational = "unsound" +categories = ["memory-corruption"] +keywords = ["memoffset", "offset"] +[affected] +functions = { "memoffset::offset_of" = ["< 0.6.2"] } +[versions] +patched = [">= 0.6.2"] +``` + +# memoffset allows reading uninitialized memory +memoffset allows attempt of reading data from address `0` with arbitrary type. This behavior is an undefined behavior because address `0` to `std::mem::size_of` may not have valid bit-pattern with `T`. Old implementation dereferences uninitialized memory obtained from `std::mem::align_of`. Older implementation prior to it allows using uninitialized data obtained from `std::mem::uninitialized` with arbitrary type then compute offset by taking the address of field-projection. This may also result in an undefined behavior for "father" that includes (directly or transitively) type that [does not allow to be uninitialized](https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html). + +This flaw was corrected by using `std::ptr::addr_of` in .
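Review bot: The closing sentence of the advisory body, "This flaw was corrected by using `std::ptr::addr_of` in .", is cut off before the version or pull request that introduced the fix, so the document never says where the correction landed; please complete it (the `[versions]` table above gives `patched = [">= 0.6.2"]`, so that is presumably the release to cite) or drop the trailing "in". Two smaller points on the same hunk: `memoffset::offset_of` is a macro rather than a function, so listing it under `[affected] functions` may not match how readers or tooling resolve that path, and the description of the three historical implementations is hard to follow as written. In particular, "address `0` to `std::mem::size_of`" should read as the `size_of::<T>()` bytes starting at address `0`, `std::mem::align_of` returns an alignment value that was used as a dangling pointer rather than "uninitialized memory", and "father" should be "parent type". Splitting that paragraph into one sentence per implementation (address `0`, `align_of`-based dangling pointer, `mem::uninitialized`) would make the unsoundness claim much easier to verify.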