GHSA-gv7f-5qqh-vxfx: xous has unsound usages of `core::slice::from_raw_parts`

December 30, 2024

We consider as_slice and as_slice_mut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated from_parts. We consider that from_parts should be removed in latest version because it will help trigger unsoundness in as_slice. With new declared as unsafe, as_slice should also declared as unsafe.

This was patched in by marking two functions as unsafe.

References

github.com/advisories/GHSA-gv7f-5qqh-vxfx
github.com/betrusted-io/xous-core
github.com/betrusted-io/xous-core/issues/410
github.com/betrusted-io/xous-core/pull/411
rustsec.org/advisories/RUSTSEC-2024-0431.html

Detect and mitigate GHSA-gv7f-5qqh-vxfx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →