GHSA-83gg-pwxf-jr89: `array!` macro is unsound in presence of traits that implement methods it calls internally
(updated )
Affected versions of this crate called some methods using auto-ref. The affected code looked like this.
let mut arr = $crate::__core::mem::MaybeUninit::uninit();
let mut vec = $crate::__ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T);
In this case, the problem is that as_mut_ptr
is a method of &mut MaybeUninit
, not MaybeUninit
. This made it possible for traits to hijack the method calls in order to cause unsoundness.
trait AsMutPtr<T> {
fn as_mut_ptr(&self) -> *mut T;
}
impl<T> AsMutPtr<T> for std::mem::MaybeUninit<T> {
fn as_mut_ptr(&self) -> *mut T {
std::ptr::null_mut()
}
}
array![0; 1];
The flaw was corrected by explicitly referencing variables in macro body in order to avoid auto-ref.
References
- github.com/advisories/GHSA-83gg-pwxf-jr89
- github.com/rustsec/advisory-db/blob/main/crates/array-macro/RUSTSEC-2020-0161.md
- github.com/xfix/array-macro
- github.com/xfix/array-macro/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d
- gitlab.com/KonradBorowski/array-macro/-/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d
- rustsec.org/advisories/RUSTSEC-2020-0161.html
Detect and mitigate GHSA-83gg-pwxf-jr89 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →