-
-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible soundness bug: alignment not checked #50
Comments
Shnatsel
added a commit
to rust-secure-code/cargo-supply-chain
that referenced
this issue
Nov 4, 2022
Techcable
added a commit
to slog-rs/term
that referenced
this issue
Nov 28, 2022
Switches to newer `is-terminal` crate instead. This functionality is also availible on the nightly Rust stdlib as a `std::io::IsTerminal` trait. Avoids RUSTSEC-2021-0145 (softprops/atty#50) Fixes slog-rs/slog#319 Based on the information in the vulnerability database, I don't consider this a particularly serious bug. > In practice however, the pointer won't be unaligned unless a custom global allocator is used.
1 task
This was referenced Feb 27, 2023
This was referenced Mar 24, 2023
This was referenced Apr 5, 2023
This was referenced Apr 11, 2023
This was referenced Jun 27, 2024
now recommending users move to the std.io.IsTerminal available since rust 1.17.0 in this repos readme |
This was referenced Aug 9, 2024
This was referenced Sep 7, 2024
This was referenced Oct 7, 2024
This was referenced Nov 9, 2024
This was referenced Nov 19, 2024
This was referenced Dec 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
atty/src/lib.rs
Lines 131 to 141 in 7b5df17
As far as I can tell, the pointer deference on line 141 in unsound, as there is no guarantee the vector will be properly aligned for
FILE_NAME_INFO
(which has an alignment of 4 due toFileNameLength
being au32
)The text was updated successfully, but these errors were encountered: