rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for orx-pinned-vec undefined behavior

Browse Source 
Safe function index_of_ptr causes UB with empty slices. Fixed in 3.21.0.
This commit is contained in:
Lewis
2025-10-21 22:13:18 +08:00
committed by Dirkjan Ochtman
parent 0aa863854a
commit bc438901d4
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/orx-pinned-vec/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "orx-pinned-vec"
date = "2025-10-21"
url = "https://github.com/orxfun/orx-pinned-vec/issues/52"
references = ["https://github.com/orxfun/orx-pinned-vec/pull/53"]
informational = "unsound"
categories = ["memory-corruption"]
keywords = ["undefined-behavior", "soundness"]
[affected.functions]
"orx_pinned_vec::utils::slice::index_of_ptr" = ["< 3.21.0"]
[versions]
patched = [">= 3.21.0"]
```
# Undefined behavior in index_of_ptr with empty slices
The safe function `index_of_ptr` causes undefined behavior when called with an empty slice.
The issue occurs in the line `ptr.add(slice.len() - 1)` which underflows when `slice.len()` is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate undefined behavior.