You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
memoffset allows reading uninitialized memory memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of<T> may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementation prior to it allows using uninitialized data obtained from std::mem::uninitialized with arbitrary type then compute offset by taking the address of field-projection. This may also result in an undefined behavior for "father" that includes (directly or transitively) type that does not allow to be uninitialized.
A Medium severity Vulnerability GHSA-wfg4-322g-9vqv detected in Rust memoffset@0.5.6 was detected in Cargo.lock.
Details
https://qa-app.soos.io/c/in6/h/h7s7ot/projects/3rkyduoo0/branches/filescan0/issues?source=Vulnerability&search=GHSA-wfg4-322g-9vqv&
Description
memoffset allows reading uninitialized memory memoffset allows attempt of reading data from address
0with arbitrary type. This behavior is an undefined behavior because address0tostd::mem::size_of<T>may not have valid bit-pattern withT. Old implementation dereferences uninitialized memory obtained fromstd::mem::align_of. Older implementation prior to it allows using uninitialized data obtained fromstd::mem::uninitializedwith arbitrary type then compute offset by taking the address of field-projection. This may also result in an undefined behavior for "father" that includes (directly or transitively) type that does not allow to be uninitialized.This flaw was corrected by using
std::ptr::addr_ofin Gilnaa/memoffset#50.The text was updated successfully, but these errors were encountered: