jeaye/ncurses-rs

`printw` should not be exposed.

thomcc opened this issue · 2 comments

It's very difficult / impossible to use this function from rust without introducing a format string vulnerability into your code (which can be used to trigger arbitrary code execution).

If you must expose something like it, have it just call addstr or mark it as unsafe (and deprecate it in both cases, IMO).

See also: #149 and #125.

This function still should have been marked as unsafe, since it's trivial to cause an exploitable memory safety issue when calling it...

Deprecation is definitely insufficient because it's not transitive, and more importantly, people do not expect "deprecated" to mean "using this may cause memory errors". However, that's exactly what unsafe fn communicates.

This is a serious security issue - such bugs can be easily exploited to get remote code execution. Please mark printw as unsafe fn and release an updated version. This is a breaking change, but I don't see a way to fix the exploit in a semver-compatible way.