xous has unsound usages of `core::slice::from_raw_parts`

Low severity GitHub Reviewed Published Dec 30, 2024 to the GitHub Advisory Database • Updated Dec 30, 2024

Package

cargo xous (Rust)

Affected versions

< 0.9.51

Patched versions

0.9.51

Description

We consider `as_slice` and `as_slice_mut` unsound because a pointer with any bit pattern could be cast to a slice of an arbitrary type. The pointer could be created by the unsafe `new` and the deprecated `from_parts`. We consider that `from_parts` should be removed in the latest version because it helps trigger unsoundness in `as_slice`. With `new` declared as unsafe, `as_slice` should also be declared as unsafe.

This was patched by marking two functions as `unsafe`.
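The unsound shape and the `unsafe fn` fix described above, as an added example that is not the xous code: `Range`, `as_slice_unsound`, `layout_ok` and `demo` are hypothetical, simplified stand-ins for a type that stores an address and a byte length, and the sample buffer is constructed.

```rust
use core::mem::{align_of, size_of};
use core::slice;

/// Hypothetical stand-in for a range type holding an address and a byte length.
pub struct Range {
    addr: *mut u8,
    len: usize,
}

impl Range {
    /// # Safety
    /// `addr` must be valid for reads of `len` bytes while the Range is in use.
    pub unsafe fn new(addr: *mut u8, len: usize) -> Self {
        Range { addr, len }
    }

    /// Unsound shape: the signature is safe, yet the caller picks `T`, so safe
    /// code can request `&[bool]` or a misaligned `&[u64]` over raw bytes.
    pub fn as_slice_unsound<T>(&self) -> &[T] {
        unsafe { slice::from_raw_parts(self.addr as *const T, self.len / size_of::<T>()) }
    }

    /// The part of the contract that can be checked at run time: alignment and
    /// whole elements. Bit-pattern validity for `T` cannot be checked here.
    pub fn layout_ok<T>(&self) -> bool {
        size_of::<T>() != 0
            && self.addr as usize % align_of::<T>() == 0
            && self.len % size_of::<T>() == 0
    }

    /// Shape after the fix: `unsafe fn` moves the obligation to the caller.
    /// # Safety
    /// The memory must be aligned for `T` and every element must be a valid `T`.
    pub unsafe fn as_slice<T>(&self) -> &[T] {
        unsafe { slice::from_raw_parts(self.addr as *const T, self.len / size_of::<T>()) }
    }
}

/// Constructed sample: an 8-byte buffer viewed whole and at an odd offset.
pub fn demo() -> (bool, bool, Vec<u32>) {
    let mut words = [1u32, 2u32]; // u32 storage, so the base is 4-byte aligned
    let base = words.as_mut_ptr() as *mut u8;
    let whole = unsafe { Range::new(base, 8) };
    let odd = unsafe { Range::new(base.add(1), 4) }; // never read as u32
    // SAFETY: `whole` is aligned for u32 and every bit pattern is a valid u32.
    let values = unsafe { whole.as_slice::<u32>() }.to_vec();
    (whole.layout_ok::<u32>(), odd.layout_ok::<u32>(), values)
}
fn main() { println!("{:?}", demo()); }
```

With the safe signature, nothing stops a caller from passing the `odd` range or a type such as `bool` to the slice accessor; the `unsafe fn` form makes that call site carry the proof obligation.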

Published to the GitHub Advisory Database Dec 30, 2024
Reviewed Dec 30, 2024
Last updated Dec 30, 2024

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-gv7f-5qqh-vxfx