From 7425061bce95976f6bd1309189ec8d806db22673 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Fri, 25 Apr 2025 14:35:42 -0400
Subject: [PATCH 1/2] init
---
crates/fast-able/RUSTSEC-0000-0000.md | 36 +++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 crates/fast-able/RUSTSEC-0000-0000.md
diff --git a/crates/fast-able/RUSTSEC-0000-0000.md b/crates/fast-able/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..e401faf0e
--- /dev/null
+++ b/crates/fast-able/RUSTSEC-0000-0000.md
@@ -0,0 +1,36 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "fast-able"
+date = "2025-04-25"
+categories = ["memory-corruption"]
+```
+
+# Possible unsound public API
+
+At src/vec.rs:
+
+```rust
+impl SyncVec
+where
+ V: Clone,
+{
+ pub fn to_vec(&self) -> Vec {
+ let mut v = Vec::new();
+ for i in self.iter() {
+ v.push(i.clone());
+ }
+ v
+ }
+}
+
+impl SyncVec {
+ ...
+ #[inline]
+ pub fn get_uncheck(&self, index: usize) -> &V {
+ unsafe { (&*self.dirty.get()).get_unchecked(index) }
+ }
+```
+
+The public accessible struct SyncVec has a public method get_unchecked. It accept a parameter index and used in the get_unchecked without sufficient checks as mentioned [here](https://doc.rust-lang.org/std/primitive.slice.html#method.get_unchecked). In Rust, safe function should not cause memory risks.
+
From 8d9e74b8fa8c7f549e8c671b9b6a6ca3fdc72594 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Fri, 25 Apr 2025 15:17:06 -0400
Subject: [PATCH 2/2] add missing fields
---
crates/fast-able/RUSTSEC-0000-0000.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crates/fast-able/RUSTSEC-0000-0000.md b/crates/fast-able/RUSTSEC-0000-0000.md
index e401faf0e..33fca3dad 100644
--- a/crates/fast-able/RUSTSEC-0000-0000.md
+++ b/crates/fast-able/RUSTSEC-0000-0000.md
@@ -4,6 +4,10 @@ id = "RUSTSEC-0000-0000"
 package = "fast-able"
 date = "2025-04-25"
 categories = ["memory-corruption"]
+
+[versions]
+patched = []
+unaffected = []
 ```
 
 # Possible unsound public API
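Review bot: The closing paragraph of the advisory added in patch 1/2 names the affected method `get_unchecked`, but the quoted code declares `SyncVec::get_uncheck`; `get_unchecked` is the slice method it calls inside the `unsafe` block, so the text points readers and tooling at the wrong symbol. I would reword it along the lines of `SyncVec::get_uncheck is a safe public method that passes its index argument to the slice's get_unchecked with no bounds check, so an out-of-range index is undefined behavior reachable from safe code.` The quoted `to_vec` impl is never referenced by the description and could be dropped unless it is meant as a second finding, in which case it needs its own sentence. The front matter, including the `[versions]` table added in patch 2/2, has no `url` pointing at an upstream report and no `informational = "unsound"` marker, which this database normally uses for soundness issues without a demonstrated exploit; worth confirming which classification the maintainers want next to `categories = ["memory-corruption"]`.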