update miniz_oxide to 0.8.8
#139605
Merged
update miniz_oxide to 0.8.8
#139605
+11
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0.8.7 can trigger a panic when debug assertions are enabled when used via flate2 in some cases
|
rustbot has assigned @Mark-Simulacrum. Use |
rustbot
added
A-testsuite
|
The Miri subtree was changed cc @rust-lang/miri These commits modify the If this was unintentional then you should revert the changes before this PR is merged. These commits modify the If this was unintentional then you should revert the changes before this PR is merged. |
|
@bors r+ |
bors
added
S-waiting-on-bors
ChrisDenton
added a commit
to ChrisDenton/rust
that referenced
this pull request
Apr 13, 2025
…=Mark-Simulacrum update ```miniz_oxide``` to 0.8.8 I would normally let the auto actions handle this but it turns out 0.8.7 can trigger a panic when debug assertions are enabled in a few cases so I feel it's important it gets sorted more quickly. (and I would ideally like to yank that version but was worried that could cause some issues had been pulled in as a dependency by this repo already before I discovered the problem) As it can only happen when debug assertions are enabled (the overflow results in the intended result so it doesn't cause any issue in release mode) and using the wrapping buffer mode when decompressing it is very unlikely to cause any issues here but I would like to get it sorted just to be safe. ```miniz_oxide``` is used in the standard library (and some tools) via ```backtrace-rs ``` which doesn't use a wrapping buffer, and thus won't trigger this condition. There does however seem like there are some tools that do dependency on ```flate2``` which does use ```miniz_oxide``` decompression using a a wrapping buffer and could in theory trigger it if they are run when compiled with debug assertions enabled. It's kinda unclear what version what tool uses though as several of them specify older versions of flate2 which depended on ```miniz_oxide``` 0.7.x in cargo.toml, and ```miniz_oxide```, and not all have a cargo.lock and due to an older version of ```backtrace``` being in the root Cargo.lock which still depended on ```miniz_oxide``` 0.7.4, so that version is also pulled in alongside the newer version.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 13, 2025
…enton Rollup of 11 pull requests Successful merges: - rust-lang#138972 (std: Fix build for NuttX targets) - rust-lang#139177 (Use -C target-cpu=z13 on s390x vector test) - rust-lang#139511 (libtest: Pass the test's panic payload as Option instead of Result) - rust-lang#139605 (update ```miniz_oxide``` to 0.8.8) - rust-lang#139618 (compiletest: Make `SUGGESTION` annotations viral) - rust-lang#139677 (Fix profiler_builtins build script to handle full path to profiler lib) - rust-lang#139683 (Use `with_native_path` for Windows) - rust-lang#139695 (compiletest: consistently use `camino::{Utf8Path,Utf8PathBuf}` throughout) - rust-lang#139710 (Move `args` into `std::sys`) - rust-lang#139721 (End all lines in src/stage0 with trailing newline) - rust-lang#139726 (Move `select_unpredictable` to the `hint` module) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 13, 2025
…enton Rollup of 10 pull requests Successful merges: - rust-lang#138972 (std: Fix build for NuttX targets) - rust-lang#139177 (Use -C target-cpu=z13 on s390x vector test) - rust-lang#139511 (libtest: Pass the test's panic payload as Option instead of Result) - rust-lang#139605 (update ```miniz_oxide``` to 0.8.8) - rust-lang#139618 (compiletest: Make `SUGGESTION` annotations viral) - rust-lang#139677 (Fix profiler_builtins build script to handle full path to profiler lib) - rust-lang#139683 (Use `with_native_path` for Windows) - rust-lang#139710 (Move `args` into `std::sys`) - rust-lang#139721 (End all lines in src/stage0 with trailing newline) - rust-lang#139726 (Move `select_unpredictable` to the `hint` module) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 13, 2025
Rollup merge of rust-lang#139605 - oyvindln:update_miniz_oxide_0_8, r=Mark-Simulacrum update ```miniz_oxide``` to 0.8.8 I would normally let the auto actions handle this but it turns out 0.8.7 can trigger a panic when debug assertions are enabled in a few cases so I feel it's important it gets sorted more quickly. (and I would ideally like to yank that version but was worried that could cause some issues had been pulled in as a dependency by this repo already before I discovered the problem) As it can only happen when debug assertions are enabled (the overflow results in the intended result so it doesn't cause any issue in release mode) and using the wrapping buffer mode when decompressing it is very unlikely to cause any issues here but I would like to get it sorted just to be safe. ```miniz_oxide``` is used in the standard library (and some tools) via ```backtrace-rs ``` which doesn't use a wrapping buffer, and thus won't trigger this condition. There does however seem like there are some tools that do dependency on ```flate2``` which does use ```miniz_oxide``` decompression using a a wrapping buffer and could in theory trigger it if they are run when compiled with debug assertions enabled. It's kinda unclear what version what tool uses though as several of them specify older versions of flate2 which depended on ```miniz_oxide``` 0.7.x in cargo.toml, and ```miniz_oxide```, and not all have a cargo.lock and due to an older version of ```backtrace``` being in the root Cargo.lock which still depended on ```miniz_oxide``` 0.7.4, so that version is also pulled in alongside the newer version.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I would normally let the auto actions handle this but it turns out 0.8.7 can trigger a panic when debug assertions are enabled in a few cases so I feel it's important it gets sorted more quickly. (and I would ideally like to yank that version but was worried that could cause some issues had been pulled in as a dependency by this repo already before I discovered the problem)
As it can only happen when debug assertions are enabled (the overflow results in the intended result so it doesn't cause any issue in release mode) and using the wrapping buffer mode when decompressing it is very unlikely to cause any issues here but I would like to get it sorted just to be safe.
miniz_oxideis used in the standard library (and some tools) viabacktrace-rswhich doesn't use a wrapping buffer, and thus won't trigger this condition. There does however seem like there are some tools that do dependency onflate2which does useminiz_oxidedecompression using a a wrapping buffer and could in theory trigger it if they are run when compiled with debug assertions enabled.It's kinda unclear what version what tool uses though as several of them specify older versions of flate2 which depended on
miniz_oxide0.7.x in cargo.toml, andminiz_oxide, and not all have a cargo.lock and due to an older version ofbacktracebeing in the root Cargo.lock which still depended onminiz_oxide0.7.4, so that version is also pulled in alongside the newer version.