From d93ffb22ef6bdf34537c8a5a167f90382e6ad7c1 Mon Sep 17 00:00:00 2001 From: Ammar Askar Date: Mon, 29 Mar 2021 09:47:23 -0700 Subject: [PATCH] Report out-of-bounds write in stackvec --- crates/stackvector/RUSTSEC-0000-0000.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 crates/stackvector/RUSTSEC-0000-0000.md diff --git a/crates/stackvector/RUSTSEC-0000-0000.md b/crates/stackvector/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..eba62643d --- /dev/null +++ b/crates/stackvector/RUSTSEC-0000-0000.md @@ -0,0 +1,22 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "stackvector" +date = "2021-02-19" +url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2" +categories = ["memory-corruption"] + +[versions] +patched = [] +``` + +# StackVec::extend can write out of bounds when size_hint is incorrect + +`StackVec::extend` used the lower and upper bounds from an Iterator's +`size_hint` to determine how many items to push into the stack based vector. + +If the `size_hint` implementation returned a lower bound that was larger than +the upper bound, `StackVec` would write out of bounds and overwrite memory +on the stack. As mentioned by the [size_hint](https://doc.rust-lang.org/std/iter/trait.Iterator.html#provided-methods) +documentation, `size_hint` is mainly for optimization and incorrect +implementations should not lead to memory safety issues.
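Review bot: The two description paragraphs under the heading are written in the past tense ("`StackVec::extend` used the lower and upper bounds", "`StackVec` would write out of bounds"), while `[versions]` carries `patched = []`, so the text reads as if the bug were already fixed when the metadata says no fixed release exists. Suggest present tense ("uses", "writes out of bounds") so that readers do not assume an upgrade resolves it. In the last paragraph, the `size_hint` link targets `#provided-methods`, which is the heading for all provided methods of `Iterator`; `#method.size_hint` would land on the method's own documentation. The commit subject also says "stackvec" where the `package` field is `stackvector`.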