arr: Multiple security issues including data race, buffer overflow, and uninitialized memory drop #364

Merged
merged 1 commit into from
Aug 26, 2020

Qwaz
Contributor

@Qwaz Qwaz commented Aug 25, 2020

The arr crate contains multiple security issues. Specifically,

  1. It incorrectly implements Sync/Send bounds, which allows smuggling non-Sync/Send types across the thread boundary.
  2. The Index and IndexMut implementations do not check the array bound.
  3. Array::new_from_template() drops uninitialized memory.

Original issue report: sjep/array#1

@Shnatsel
Member

Dropping uninit memory seems to be a common theme in your recent reports. I wonder if there's a specific pattern that clippy or rustc could lint against?

Thanks again!

@Shnatsel Shnatsel merged commit 19b654a into rustsec:master Aug 26, 2020
@Qwaz
Contributor Author

Qwaz commented Aug 27, 2020

I've recently been working on common undefined behavior bug detection for Rust crates. It is still preliminary, but the initial run on crates.io seems promising, as the recent stream of PRs shows. I'm expecting more PRs like these, and please leave a comment here if you have any feedback as a RustSec maintainer :)

https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/topic/reporting-preference

@Qwaz Qwaz deleted the 0008-arr branch January 13, 2021 16:38