Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

flate2-rs with zlib may be unsound due to calls to getenv #272

Closed
xerxes12354 opened this issue Apr 28, 2021 · 2 comments
Closed

flate2-rs with zlib may be unsound due to calls to getenv #272

xerxes12354 opened this issue Apr 28, 2021 · 2 comments

Comments

@xerxes12354
Copy link

I was looking at the time crate wondering why the time crate didn't give offsets, and I stumbled upon this thread on Internals. This seems like a big problem so I went looking for FFI crates where this could be a problem.

This only occurs on ARM because the getenv call is only for ARM feature detection.

zlib-ng uses getenv https://github.com/zlib-ng/zlib-ng/blob/9f784908599006e9f09599b85b495bdcda1f25c4/arch/arm/armfeature.c#L21, it looks like this wrapper has a data race when set_env is called in another thread.

@alexcrichton
Copy link
Member

Thanks for the report, but you can't reasonably expect all Rust projects which call C to magically handle this. Opening an issue on each separate repository I don't think is productive.

@xerxes12354
Copy link
Author

This exposes an unsound API to safe code, violating safety guarantees.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants