Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overflow in crossbeam skiplist might need advisory #1504

Closed
Shnatsel opened this issue Dec 27, 2022 · 3 comments
Closed

Buffer overflow in crossbeam skiplist might need advisory #1504

Shnatsel opened this issue Dec 27, 2022 · 3 comments

Comments

@Shnatsel
Copy link
Member

crossbeam-rs/crossbeam#940

@taiki-e
Copy link
Contributor

taiki-e commented Dec 27, 2022

It still reads the valid values that we allocated, so I don't think it causes security issues like buffer overflow right away. However, the informational="unsound" advisory may make sense since it definitely violated the get_unchecked's safety contract.

(In any case, I should release the fix soon...)

@Shnatsel
Copy link
Member Author

Thanks for the context! In that case I don't think an advisory is necessary. This may still pose some issues wrt aliasing, but there's a separate issue tracking aliasing issues: crossbeam-rs/crossbeam#878

@Shnatsel
Copy link
Member Author

Besides that, I'm not thrilled about this being an Index implementation instead of a separate unsafe fn. While this probably doesn't cause any issues for end users now, this makes the code easy to mess up when making any changes in the future, so I wouldn't be surprised if I find myself filing an advisory about crossbeam later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants