Scope API is unsound
#9
Comments
Xudong-Huang
added a commit
that referenced
this issue
Feb 18, 2019
|
thanks for the advise. I just remove the unsafe |
|
I think this can be closed. It's all in 0.6.12 |
|
Accessing a dangling pointer is usually an exploitable vulnerability. Please file a security advisory at https://github.com/RustSec/advisory-db so that users of this crate can check if they're running a vulnerable version and upgrade. Also, please consider yanking affected versions. |
|
Thanks for the info. I will do it in next release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Scope::newtakes 2*mut Option<_>parameters, but the rest of theScopeAPI assumes that those raw pointers are valid. For example, the publicget_yieldmethod does the following:Calling
Scope::newwith invalid (null, misaligned or dangling) pointers is possible in safe Rust, andget_yieldcan also be called from safe Rust, therefore this API is unsound.Either
Scope::newshould be markedunsafe, or it should take&'a mut Option<_>instead of raw pointers, adding a lifetime parameter toScope.The text was updated successfully, but these errors were encountered: