Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed invariant violation in MemBio::get_buf with empty results #2266

Merged
merged 1 commit into from
Jul 21, 2024
Merged

Fixed invariant violation in MemBio::get_buf with empty results #2266

merged 1 commit into from
Jul 21, 2024

Conversation

alex
Copy link
Collaborator

@alex alex commented Jul 21, 2024

Pointer arguments to slice::from_raw_parts are required to be non-null. (See https://davidben.net/2024/01/15/empty-slices.html for details.)

@alex
Fixed invariant violation in MemBio::get_buf with empty results
142deef 
Pointer arguments to `slice::from_raw_parts` are required to be non-null. (See https://davidben.net/2024/01/15/empty-slices.html for details.)
@alex alex mentioned this pull request Jul 21, 2024
Closed
@alex alex merged commit aef36e0 into sfackler:master Jul 21, 2024
61 checks passed
@alex alex deleted the mem-bio-invariant branch July 21, 2024 12:59
This was referenced Jul 22, 2024
Closed
Closed
Open
Closed
Open
Closed
doitian added a commit to doitian/ckb that referenced this pull request Jul 22, 2024
@doitian
chore(deps): upgrade openssl crate
4957ce8 
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
@Desiki-high
chore(deps): upgrade openssl crate
a482274 
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
@Desiki-high
chore(deps): upgrade openssl crate
1ad7e87 
```
    ┌─ /github/workspace/Cargo.lock:148:1
    │
148 │ openssl 0.10.55 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
doitian added a commit to doitian/ckb-cli that referenced this pull request Jul 22, 2024
@doitian
chore(deps): upgrade openssl crate
51ee684 
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```
@cedricschwyter cedricschwyter mentioned this pull request Jul 22, 2024
Merged
This was referenced Jul 23, 2024
Closed
Closed
Closed
This was referenced Jul 31, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfackler sfackler sfackler approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alex @sfackler