From fefcc933d861ab840d70c242871412eeef11dc84 Mon Sep 17 00:00:00 2001 From: JOE1994 Date: Sun, 24 Jan 2021 22:16:52 -0500 Subject: [PATCH 1/2] Report 0101-gfx-auxil to RustSec --- crates/gfx-auxil/RUSTSEC-0000-0000.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 crates/gfx-auxil/RUSTSEC-0000-0000.md diff --git a/crates/gfx-auxil/RUSTSEC-0000-0000.md b/crates/gfx-auxil/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..c2a3278c0 --- /dev/null +++ b/crates/gfx-auxil/RUSTSEC-0000-0000.md @@ -0,0 +1,18 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "gfx-auxil" +date = "2021-01-07" +url = "https://github.com/gfx-rs/gfx/issues/3567" +categories = ["memory-exposure"] + +[versions] +patched = [] +``` + +# Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` ) + +Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation. + +Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. +Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior. \ No newline at end of file From bdcee613ecea9f818e9a672f497d0f3cc22e0cc2 Mon Sep 17 00:00:00 2001 From: Youngsuk Kim Date: Fri, 9 Apr 2021 19:13:52 -0400 Subject: [PATCH 2/2] add 'informational = unsound' --- crates/gfx-auxil/RUSTSEC-0000-0000.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crates/gfx-auxil/RUSTSEC-0000-0000.md b/crates/gfx-auxil/RUSTSEC-0000-0000.md index c2a3278c0..db54a1dcb 100644 --- a/crates/gfx-auxil/RUSTSEC-0000-0000.md +++ b/crates/gfx-auxil/RUSTSEC-0000-0000.md @@ -5,6 +5,7 @@ package = "gfx-auxil" date = "2021-01-07" url = "https://github.com/gfx-rs/gfx/issues/3567" categories = ["memory-exposure"] +informational = "unsound" [versions] patched = [] @@ -15,4 +16,4 @@ patched = [] Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation. Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. -Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior. \ No newline at end of file +Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.