atty potential unaligned read
#1457
Comments
|
Hey thanks :) Would you mind filing a PR with To me it also looks like it's not maintained so we can go with that too 👍 |
|
People also at Wg-unsafe-guidelines agree that this indeed is unsound Thanks to @thomcc who had picked up when this was being ported to std and pointed to: Also thanks to @digama0 to also confirm this |
|
Resolved via #1462 |
This was referenced Nov 22, 2022
bors bot
added a commit
to cross-rs/cross
that referenced
this issue
Nov 22, 2022
1151: Replace atty with is-terminal. r=Emilgardis a=Alexhuszagh Although this doesn't affect cross (since we do not use custom allocators), this address [rustsec-1457](rustsec/advisory-db#1457). Co-authored-by: Alex Huszagh <ahuszagh@gmail.com>
etehtsea
added a commit
to etehtsea/spin
that referenced
this issue
Dec 11, 2022
Refs: - softprops/atty#57 - clap-rs/clap#4249 - rustsec/advisory-db#1457 - rust-lang/rust#98070 Signed-off-by: Konstantin Shabanov <mail@etehtsea.me>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I found some discussions on a potential unaligned read in
atty(10,564,450 recent downloads; 3 years since the last release). I think it legitimately looks like a soundness bug (though I guess it won't cause issues with the usual global allocators?). The issue was filed more than a year ago.If I understand correctly,
FILE_NAME_INFOboils down to a struct likewhich has align 4 (playground). The vector
name_info_bytesin https://github.com/softprops/atty/blob/7b5df17888997d57c2c1c8f91da1db5691f49953/src/lib.rs#L131-L141 need not be 4 byte aligned (though with any sane allocator it will be?).Links:
attyclapattymaintenance status issueThe text was updated successfully, but these errors were encountered: