From eadb6d890e48f2d0b3e52b68c34738f340e023e7 Mon Sep 17 00:00:00 2001 From: Lewis Date: Tue, 21 Oct 2025 22:20:03 +0800 Subject: [PATCH] Add advisory for borrowck_sacrifices uninitialized memory Safe function any_as_u8_slice exposes uninitialized padding bytes. Fixed in 0.2.0. --- .../borrowck_sacrifices/RUSTSEC-0000-0000.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 crates/borrowck_sacrifices/RUSTSEC-0000-0000.md diff --git a/crates/borrowck_sacrifices/RUSTSEC-0000-0000.md b/crates/borrowck_sacrifices/RUSTSEC-0000-0000.md new file mode 100644 index 00000000..0f72432e --- /dev/null +++ b/crates/borrowck_sacrifices/RUSTSEC-0000-0000.md @@ -0,0 +1,22 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "borrowck_sacrifices" +date = "2025-10-21" +url = "https://github.com/alexpyattaev/borrowck_sacrifices/issues/1" +informational = "unsound" +categories = ["memory-exposure"] +keywords = ["uninitialized-memory", "soundness"] + +[affected.functions] +"borrowck_sacrifices::unsafe_casts::any_as_u8_slice" = ["< 0.2.0"] + +[versions] +patched = [">= 0.2.0"] +``` + +# Uninitialized memory exposure in any_as_u8_slice + +The safe function `any_as_u8_slice` can create byte slices that reference uninitialized memory when used with types containing padding bytes. + +The function uses `slice::from_raw_parts` to create a `&[u8]` covering the entire size of a type, including padding bytes. According to Rust's documentation, `from_raw_parts` requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.