static-alloc vulnerability leads to uninitialized read after allocating MemBump
The affected function, MemBump::new(), would allocate memory without initializing it. Subsequently calling the created value's various allocmethods would then read and write the start of that memory as a Cell which isundefined behavior. Instead, it should zero initialize the start of the allocated memory. For instance, some values could violate the internal invariants of the type and cause an assertion failure. Nevertheless, no deterministic read is known tocause further uninitialized …