Report string::retain() bug

rustsec · Jan 13, 2021 · e8b5db9 · e8b5db9
1 parent 8e1ad08
commit e8b5db9
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/rust/std/RUSTSEC-000-0000.md b/rust/std/RUSTSEC-000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "std"
+date = "2020-10-28"
+url = "https://github.com/rust-lang/rust/issues/78498"
+
+[affected.functions]
+"alloc::string::String::retain" = ["< 1.49.0, >= 1.26.0"]
+
+[versions]
+patched = [">= 1.49.0"]
+unaffected = ["< 1.26.0"]
+```
+
+# `String::retain()` may return non-UTF-8 string when the predicate closure panics
+
+The affected version of the Rust standard library shipped `String::retain()` that is not panic safe.
+The affected version of this API
+may leave the string in non-UTF-8 status if the provided predicate closure panics in the middle of the iteration.
+The standard library has an invariant that assumes all strings are UTF-8 encoded,
+so it could lead to a safety violation if that invalid string is used again in the unwinding path.
+The bug was fixed by truncating the string before the iteration.
+It now returns an empty string when the predicate panics.