You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello 🦀 , we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.
Issue Description
InputStream::read_exact() method creates an uninitialized buffer and passes it to user-provided Read implementation. This is unsound, because it may allow safe Rust code to exhibit an undefined behavior (read from uninitialized memory).
This part from the Read trait documentation explains the issue:
It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit<T>) is not safe, and can lead to undefined behavior.
Thank you for checking out this issue 👍
The text was updated successfully, but these errors were encountered:
Hello 🦀 , we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.
Issue Description
InputStream::read_exact()method creates an uninitialized buffer and passes it to user-providedReadimplementation. This is unsound, because it may allow safe Rust code to exhibit an undefined behavior (read from uninitialized memory).This part from the
Readtrait documentation explains the issue:Thank you for checking out this issue 👍
The text was updated successfully, but these errors were encountered: