Memory safe violation by abusing `__private_get_type_id__`
Qwaz opened this issue · 1 comments
Qwaz commented
I noticed that it is possible to cause type confusion in downcast by manually implementing __private_get_type_id__.
Although the name of the function clearly shows that it is a private API, I believe a safe Rust program should not violate the memory safety guaranteed by Rust type system.
Qwaz commented
Actually, the bug here looks very similar to what happened to the standard library:
https://rustsec.org/advisories/CVE-2019-12083.html