RUSTSEC-2020-0009: `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks

Question

RUSTSEC-2020-0009: `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks

Opened this issue 4 years ago · 0 comments

read_scalar and read_scalar_at allow transmuting values without unsafe blocks

Details
Package	`flatbuffers`
Version	`0.6.1`
URL	google/flatbuffers#5825
Date	2020-04-11
Unaffected versions	`< 0.4.0`

The read_scalar and read_scalar_at functions are unsound
because they allow transmuting values without unsafe blocks.

The following example shows how to create a dangling reference:

fn main() {
    #[derive(Copy, Clone, PartialEq, Debug)]
    struct S(&amp;&#39;static str);
    impl flatbuffers::EndianScalar for S {
        fn to_little_endian(self) -&gt; Self { self }
        fn from_little_endian(self) -&gt; Self { self }
    }
    println!(&quot;{:?}&quot;, flatbuffers::read_scalar::&lt;S&gt;(&amp;[1; std::mem::size_of::&lt;S&gt;()]));
}

See advisory page for additional details.