[Bug]: atty potential unaligned read

[sebastienrousseau]

What happened?

Hi 👋

xtaskops seems to have a dependency on using clap v3.2.25 which has triggered a dependabot alert https://github.com/sebastienrousseau/shokunin/security/dependabot/8

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.

[[package]]
name = "clap"
version = "3.2.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123"
dependencies = [
 "atty",
 "bitflags 1.3.2",
 "clap_lex 0.2.4",
 "indexmap 1.9.3",
 "strsim",
 "termcolor",
 "textwrap",
]

I believe this has been solved by clap in subsequent versions:

clap-rs/clap#5028

What type of Operating System?

Windows

Steps to produce this issue.

Please refer to my security alert:

https://github.com/sebastienrousseau/shokunin/security/dependabot/8

You can see the details in my [Cargo.lock](https://github.com/sebastienrousseau/shokunin/blob/main/Cargo.lock)

[yonas]

Checkout #9 for a fix.