Headline

GHSA-74r5-g7vc-j2v2: zerovec-derive incorrectly uses `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that #[repr(packed)] has a guaranteed field order.

The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of #[repr(packed)] structs, leading to illegal memory accesses.

The patched versions 0.9.7 and 0.10.4 use #[repr(C, packed)], which guarantees field order.

4 months ago

ghsa

Open in Source

#git

GitHub Advisory Database
GitHub Reviewed
GHSA-74r5-g7vc-j2v2

zerovec-derive incorrectly uses `#[repr(packed)]`

Moderate severity GitHub Reviewed Published Jul 8, 2024 to the GitHub Advisory Database • Updated Jul 8, 2024

Package

cargo zerovec-derive (Rust)

Affected versions

>= 0.10.0, < 0.10.4

< 0.9.7

Patched versions

0.10.4

0.9.7

The affected versions make unsafe memory accesses under the assumption that #[repr(packed)] has a guaranteed field order.

The Rust specification does not guarantee this, and rust-lang/rust#125360 (1.80.0-beta) starts
reordering fields of #[repr(packed)] structs, leading to illegal memory accesses.

The patched versions 0.9.7 and 0.10.4 use #[repr(C, packed)], which guarantees field order.

References