You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ArrayVec::insert allows insertion of an element into the array object into the specified index. Due to a missing check on the upperbound of this index, it is possible to write out of bounds.
#![forbid(unsafe_code)]use stack::{ArrayVec,Vector,Array};fnmain(){// 1. `Vector::insert` is missing an upper bounds-check on its index// allowing for arbitrary memory writes.//// In debug mode this will panic with integer overflow. In release mode it// segfaults the program when it writes junk into the heap.//// https://github.com/arcnmx/stack-rs/blob/76cc1855a3ce966182bcf6fb2dc6a1d765cb5138/src/vector.rs#L51-L60letmut vec :ArrayVec<[u8;2]> = ArrayVec::with_capacity(2);
vec.insert(5,0x41);// 2. The `array` in `ArrayVec` uses `std::mem::uninitialized`. While this// isn't a big concern, seeing as only a few types are allowed to inhabit// ArrayVec<T>, this should be replaced. See https://github.com/servo/rust-smallvec/issues/126}
ArrayVec::insert
allows insertion of an element into the array object into the specified index. Due to a missing check on the upperbound of this index, it is possible to write out of bounds.Issue number 2 is pointed out in #3.
The text was updated successfully, but these errors were encountered: