impl Random on arrays can lead to dropping uninitialized memory #5

Closed
JOE1994 opened this issue Jan 1, 2021 · 3 comments · Fixed by #7

JOE1994 commented Jan 1, 2021

Hello 🦀 ,
we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.

Issue Description

autorand-rs/src/lib.rs

Lines 160 to 170 in c838309

impl<T: Random> Random for [T; $s] {
    fn random() -> Self {
        unsafe {
            let mut array: [T; $s] = std::mem::uninitialized();
            for i in 0..$s {
                std::ptr::write(&mut array[i], T::random());
            }
            array
        }
    }
}

T::random() can potentially panic (since Random is a public trait and users can implement it on custom types) and if it does,
the partially initialized array is dropped. Thus T::drop() can be invoked on uninitialized memory, leading to undefined behavior.

Thank you for reviewing this issue 👍
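
The failure mode reported above, with one panic-safe way to fill the array, as an added example that is not part of the original issue and is not the crate's own fix. It assumes the trait shape shown in the quoted code (`fn random() -> Self`) and uses const generics instead of the crate's macro; `Guard`, `random_array`, `Flaky` and `demo` are hypothetical names.

```rust
use std::mem::{forget, MaybeUninit};
use std::panic::catch_unwind;
use std::ptr::{drop_in_place, slice_from_raw_parts_mut};
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

// Assumed shape of the crate's trait: one associated constructor.
pub trait Random { fn random() -> Self; }

// Tracks how many leading elements are initialised; drops only those on unwind.
struct Guard<T> { base: *mut T, len: usize }
impl<T> Drop for Guard<T> {
    fn drop(&mut self) {
        unsafe { drop_in_place(slice_from_raw_parts_mut(self.base, self.len)) }
    }
}

// Hypothetical panic-safe replacement for the macro-generated `random()`.
pub fn random_array<T: Random, const N: usize>() -> [T; N] {
    let mut buf = MaybeUninit::<[T; N]>::uninit();
    let mut guard = Guard { base: buf.as_mut_ptr() as *mut T, len: 0 };
    for i in 0..N {
        let value = T::random(); // may panic: guard then drops slots 0..len
        unsafe { guard.base.add(i).write(value) };
        guard.len += 1;
    }
    forget(guard); // every slot is initialised; ownership moves to the array
    unsafe { buf.assume_init() }
}

static MADE: AtomicUsize = AtomicUsize::new(0);
static DROPPED: AtomicUsize = AtomicUsize::new(0);

// Constructed test type: owns heap memory and panics on its third construction.
#[allow(dead_code)]
pub struct Flaky(Box<usize>);
impl Random for Flaky {
    fn random() -> Self {
        if MADE.load(SeqCst) == 2 { panic!("constructed failure in T::random()"); }
        Flaky(Box::new(MADE.fetch_add(1, SeqCst)))
    }
}
impl Drop for Flaky { fn drop(&mut self) { DROPPED.fetch_add(1, SeqCst); } }

// Returns (constructed, dropped) after a panic part-way through a 4-element array.
pub fn demo() -> (usize, usize) {
    MADE.store(0, SeqCst);
    DROPPED.store(0, SeqCst);
    assert!(catch_unwind(|| random_array::<Flaky, 4>()).is_err());
    (MADE.load(SeqCst), DROPPED.load(SeqCst))
}

fn main() { println!("{:?}", demo()); }
```

With the quoted implementation the same panic would run `Drop` on all four slots, two of which were never written. On Rust 1.63 and later, `std::array::from_fn(|_| T::random())` gives the same guarantee without any `unsafe` in user code.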

@mersinvald
Owner

Thank you for pointing that out, I'll release a fixed version right away.

Great work, thanks for making Rust open-source safer

@JOE1994
Author

JOE1994 commented Jan 20, 2021

Thank you for your feedback! Would you also mind publishing a new release containing the fix to crates.io?

@mersinvald
Owner

Yeah, doing just that
