flate2 has been creating a slice of uninitialized memory
Closed this issue · 5 comments
- discussion: rust-lang/flate2-rs#220
- affecting version range: < 1.0.28
- fixed in: 1.0.28
- release note: https://github.com/rust-lang/flate2-rs/releases/tag/1.0.28
@KisaragiEffective want to open a PR with an advisory?
@tarcieri maybe I will, but I'm not going to claim, so feel free to take this if you want :)
There is no evidence of the uninitialized memory ever being read from or otherwise exposed. And whether the mere existence of uninitialized u8 is acceptable or not was still being debated last time I checked.
So I don't think it warrants an advisory at this point.
We should file one later if either a read from uninit memory is demonstrated (as detected e.g. by MemorySanitizer) or the Operational Semantics team comes to a conclusion on whether a slice of uninit u8 that is never read from is acceptable or not.
> whether the mere existence of uninitialized u8 is acceptable or not
As noted by Manish on the issue, uninitialized memory is instantly UB.
This is not clear-cut. There is no normative document specifying this is UB. The Rust team in charge of writing said document has this on their issue tracker: rust-lang/unsafe-code-guidelines#346 - in particular, it mentions miri not prohibiting the existence of such references.
With the question not being clearly settled even theoretically, and especially with no evidence of any kind of real-world security issue, we're not going to publish an advisory for this and cause a great deal of churn for the whole ecosystem.
I do appreciate this issue report being filed and the problem being brought to our attention. But in this particular instance I do not believe a security advisory is warranted.
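The distinction the thread turns on, a `&mut [u8]` that points at uninitialized bytes versus a buffer that is only ever exposed as `MaybeUninit<u8>` until it has been written, is shown below as an added example. It is not flate2's code and not taken from the issue; `produce_into`, `produce_into_init` and `append_output*` are hypothetical names, and the "decoder" is a constructed stand-in that emits a fixed pattern so the result can be checked offline. Both functions grow a `Vec<u8>` by decoder output without a plain `&mut [u8]` ever overlapping uninitialized memory: the first uses `Vec::spare_capacity_mut` (stable since Rust 1.60), the second sidesteps `unsafe` entirely by zero-filling first.

```rust
use std::mem::MaybeUninit;

/// Constructed stand-in for a decoder that writes into a not-yet-initialized
/// region. It only ever sees `MaybeUninit<u8>`, so it cannot read the garbage
/// that was there before; `MaybeUninit::write` initializes without reading.
/// Returns how many bytes it produced (hypothetical helper, not flate2's API).
fn produce_into(out: &mut [MaybeUninit<u8>], wanted: usize) -> usize {
    let n = wanted.min(out.len());
    for (i, slot) in out[..n].iter_mut().enumerate() {
        slot.write(b'a' + (i % 26) as u8);
    }
    n
}

/// Same constructed decoder, for a buffer that is already initialized.
fn produce_into_init(out: &mut [u8], wanted: usize) -> usize {
    let n = wanted.min(out.len());
    for (i, byte) in out[..n].iter_mut().enumerate() {
        *byte = b'a' + (i % 26) as u8;
    }
    n
}

/// Append `extra` bytes of decoder output to `buf` without ever creating a
/// `&mut [u8]` over uninitialized memory: the spare capacity is handed out as
/// `&mut [MaybeUninit<u8>]` and the length is only raised over bytes that
/// were actually written.
pub fn append_output(buf: &mut Vec<u8>, extra: usize) {
    buf.reserve(extra);
    let written = produce_into(buf.spare_capacity_mut(), extra);
    // SAFETY: `produce_into` initialized exactly `written` bytes starting at
    // `buf.len()`, and `written <= spare_capacity_mut().len()` by construction.
    unsafe { buf.set_len(buf.len() + written) };
}

/// The no-unsafe alternative: zero-fill the tail (one memset), hand out an
/// ordinary `&mut [u8]`, then trim back to what the decoder really produced.
pub fn append_output_zeroed(buf: &mut Vec<u8>, extra: usize) {
    let start = buf.len();
    buf.resize(start + extra, 0);
    let written = produce_into_init(&mut buf[start..], extra);
    buf.truncate(start + written);
}

fn main() {
    let mut a = b"hdr".to_vec();
    append_output(&mut a, 5);
    let mut b = b"hdr".to_vec();
    append_output_zeroed(&mut b, 5);
    // Both paths yield the same bytes; only the first needs `unsafe`.
    println!("{:?} {:?}", String::from_utf8_lossy(&a), String::from_utf8_lossy(&b));
}
```

Running the first variant under Miri is the practical check: Miri reports any read of a byte that was never written, which is exactly the evidence the thread says would change the advisory decision. The zero-filling variant trades a memset for having no `unsafe` block to audit at all.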