Add advisory for borrowck_sacrifices uninitialized memory

Safe function any_as_u8_slice exposes uninitialized padding bytes. Fixed in 0.2.0.
Lewis
2025-10-21 22:20:03 +08:00
committed by Dirkjan Ochtman
parent 1d7429a929
commit eadb6d890e

@@ -0,0 +1,22 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "borrowck_sacrifices"
date = "2025-10-21"
url = "https://github.com/alexpyattaev/borrowck_sacrifices/issues/1"
informational = "unsound"
categories = ["memory-exposure"]
keywords = ["uninitialized-memory", "soundness"]
[affected.functions]
"borrowck_sacrifices::unsafe_casts::any_as_u8_slice" = ["< 0.2.0"]
[versions]
patched = [">= 0.2.0"]
```
# Uninitialized memory exposure in any_as_u8_slice
The safe function `any_as_u8_slice` can create byte slices that reference uninitialized memory when used with types containing padding bytes.
The function uses `slice::from_raw_parts` to create a `&[u8]` covering the entire size of a type, including padding bytes. According to Rust's documentation, `from_raw_parts` requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.
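
Review bot: The description's last paragraph stops at "causes undefined behavior" and never tells the reader what to do about it; the only remediation information is `patched = [">= 0.2.0"]` in the TOML header. Please add a closing sentence to the body stating that the issue is fixed in 0.2.0 and briefly how the function changed there, so the rendered advisory is actionable on its own. Minor style point: the heading writes any_as_u8_slice bare while the body uses backticks; using backticks in both places would be consistent.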