Advisories for Cargo/Rusqlite package

2022

Incorrect Lifetime Bounds on Closures in `rusqlite`

The lifetime bound on several closure-accepting rusqlite functions (specifically, functions which register a callback to be later invoked by SQLite) was too relaxed. If a closure referencing borrowed values on the stack was passed to one of these functions, it could allow Rust code to access objects on the stack after they have been dropped. The impacted functions are: Under cfg(feature = "functions"): Connection::create_scalar_function, Connection::create_aggregate_function and Connection::create_window_function. Under cfg(feature …

2021