
uninitialized memory can be dropped on panic: 'misc::vec_with_size()' #45

Closed
JOE1994 opened this issue Feb 17, 2021 · 1 comment


JOE1994 commented Feb 17, 2021

Hello,
We (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.

Issue Description

telemetry.rs/src/misc.rs

Lines 138 to 151 in 5c810a8

pub fn vec_with_size<T>(size: usize, value: T) -> Vec<T>
    where T: Clone
{
    let mut vec = Vec::with_capacity(size);
    unsafe {
        // Resize. In future versions of Rust, we should
        // be able to use `vec.resize`.
        // NOTE: `set_len` marks `size` elements as live before any of
        // them has been written, so a panic below unwinds over
        // uninitialized `T`s.
        vec.set_len(size);
        for i in 0 .. size {
            vec[i] = value.clone();
        }
    }
    vec
}

User-provided T::clone() can potentially panic, and if T::clone() panics while vec is (partially) uninitialized, uninitialized memory (uninitialized T) is dropped and can lead to undefined behavior.

Thank you for checking out this issue :)
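Added example (not the crate's code, and not part of the report above): a safe replacement for the function, written so that a panicking `Clone` can only unwind over values that were actually constructed, plus a constructed probe type whose `Clone` panics on a chosen call and whose `Drop` counts how many values are destroyed. The names `vec_with_size_safe`, `Probe` and `run_probe` are hypothetical. With the safe version, every `Drop` observed after the panic corresponds to a successfully cloned element or the template; the original `set_len`-first version would instead run `Drop` on `size` never-written slots.

```rust
use std::cell::Cell;
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Hypothetical safe replacement for `misc::vec_with_size` (example code,
/// not the crate's own): elements are pushed only after `clone` succeeds,
/// so the Vec's length never exceeds the number of initialized slots.
/// `vec![value; size]` or `vec.resize(size, value)` behave the same way.
pub fn vec_with_size_safe<T: Clone>(size: usize, value: T) -> Vec<T> {
    let mut vec = Vec::with_capacity(size);
    for _ in 0..size {
        vec.push(value.clone());
    }
    vec
}

thread_local! {
    // Constructed counters: clones attempted and values dropped on this thread.
    static CLONES: Cell<usize> = Cell::new(0);
    static DROPS: Cell<usize> = Cell::new(0);
}

/// Constructed probe type: its `Clone` panics on the `fail_at`-th call and
/// its `Drop` increments a counter, so we can see exactly which values are
/// destroyed while the panic unwinds.
struct Probe {
    fail_at: usize,
}

impl Clone for Probe {
    fn clone(&self) -> Self {
        let n = CLONES.with(|c| {
            c.set(c.get() + 1);
            c.get()
        });
        if n == self.fail_at {
            panic!("Probe::clone failed on call {n}");
        }
        Probe { fail_at: self.fail_at }
    }
}

impl Drop for Probe {
    fn drop(&mut self) {
        DROPS.with(|d| d.set(d.get() + 1));
    }
}

/// Builds a Vec of `size` probes whose clone fails on call `fail_at`, catches
/// the panic, and returns (panicked, clones attempted, values dropped).
/// Because the template is moved into the closure, it is dropped there too,
/// so `drops == successful_clones + 1` on both the success and panic paths.
pub fn run_probe(size: usize, fail_at: usize) -> (bool, usize, usize) {
    CLONES.with(|c| c.set(0));
    DROPS.with(|d| d.set(0));
    let template = Probe { fail_at };
    let outcome = catch_unwind(AssertUnwindSafe(move || {
        let v = vec_with_size_safe(size, template);
        v.len()
    }));
    // Everything created inside the closure has been dropped by now: on
    // success the full Vec and the template, on panic the partial Vec and
    // the template. No never-initialized slot is ever handed to Drop.
    let panicked = outcome.is_err();
    (panicked, CLONES.with(|c| c.get()), DROPS.with(|d| d.get()))
}

fn main() {
    let (panicked, clones, drops) = run_probe(4, 10);
    println!("no failure: panicked={panicked} clones={clones} drops={drops}");
    let (panicked, clones, drops) = run_probe(4, 3);
    println!("clone #3 fails: panicked={panicked} clones={clones} drops={drops}");
}
```

Note that the panic is not the only hazard in the original: `vec[i] = value.clone()` drops the previous contents of slot `i`, so for any `T` with a `Drop` impl the original runs `Drop` on uninitialized memory even when no clone panics. The push-based version avoids both problems without any `unsafe`.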

@Shnatsel commented

Heads up: this issue has been included in the RustSec advisory database. It will be surfaced by tools such as cargo-audit or cargo-deny from now on.

Once a fix is released to crates.io, please open a pull request to update the advisory with the patched version, or file an issue on the advisory database repository.

@Yoric Yoric closed this as completed in 2820cf1 Mar 29, 2021