Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Please, release a new version #7

Open
eduardosm opened this issue Jun 1, 2020 · 6 comments
Open

Please, release a new version #7

eduardosm opened this issue Jun 1, 2020 · 6 comments

Comments

@eduardosm
Copy link

The implementation of the data and data_mut functions is highly unsafe:

rust-traitobject/src/lib.rs

Lines 13 to 22 in a8a36dc

pub unsafe fn data<T: ?Sized>(val: *const T) -> *const () {
*mem::transmute::<*const *const T, *const *const ()>(&val)
}
/// Get the data pointer from this trait object, mutably.
///
/// Highly unsafe, as there is no information about the type of the data.
pub unsafe fn data_mut<T: ?Sized>(mut val: *mut T) -> *mut () {
*mem::transmute::<*mut *mut T, *mut *mut ()>(&mut val)
}

This assumes that the first element is a fat pointer is the data pointer. This is currently true, but it can change in a newer rust version, which would make this crate a potential security hole.

Commit 99b1993 fixed this, but it has not been released into a new version. Please, publish a new version (0.1.1) that includes this commit (and possibly yank the previous versions).
@willfindlay
Copy link

@reem This is currently the subject of a security advisory. Would you consider addressing this?

@philip-peterson
Copy link

Because it seems this repository is unmaintained, I have forked it with the submitted patches and issues merged here: https://github.com/philip-peterson/destructure_traitobject

@ranweiler ranweiler mentioned this issue Oct 20, 2021
Closed
@zonyitoo
Copy link

zonyitoo commented Jun 7, 2022

@reem Hi, would you consider make a new release for this? There are many creates depending on this.

@GuilleAmutio
Copy link

@reem Hi, would you consider make a new release for this? There are many creates depending on this.

+1

This was referenced Sep 8, 2022
Open
Open
Open
Closed
Closed
Closed
Closed
Closed
Open
Closed
Open
Open
@github-actions github-actions bot mentioned this issue Dec 12, 2022
Closed
@dfgweb dfgweb mentioned this issue Jan 20, 2023
Closed
@shelvacu
Copy link

As a workaround, put this in Cargo.toml:

[patch.crates-io]
traitobject = { git = "https://github.com/reem/rust-traitobject", rev = "b3471a15917b2caf5a8b27debb0b4b390fc6634f" }

to pull in the merged-but-never-released-on-cargo fix

shelvacu added a commit to consortium-chat/plutocradroid that referenced this issue Jan 22, 2023
@shelvacu
Dear Diary,
151debe 
AAAAAAAAAAAAAAAAA

rust-lang/cargo#9227

AAAAAAAAAAAAAAAAAAAAAAAAAAAA

reem/rust-traitobject#7

AAAAAAAAAAAAAAAAAAAAA

rwf2/Rocket#1815

and updated libs and fixed deprecation warnings from chrono
@github-actions github-actions bot mentioned this issue Mar 4, 2023
Closed
@fralalonde
Copy link

fralalonde commented Mar 10, 2023
edited
Loading

I've re-forked destructure_traitobject and made it useable for transitive patching of traitobject

Similar to @shelvacu 's previous workaround, put this in the top Cargo.toml:

[patch.crates-io]
traitobject = { git = "https://github.com/fralalonde/traitobject_patch", tag = "0.1.1" }

I'll do my best to keep it updated.

This fork also fixes warnings for Rust 2021 edition as identified in #8.

See https://github.com/fralalonde/traitobject_patch for details.

This was referenced Apr 4, 2023
Open
Open
This was referenced Apr 12, 2023
Closed
Closed
@github-actions github-actions bot mentioned this issue May 29, 2023
Open
@github-actions github-actions bot mentioned this issue Jan 24, 2024
Open
@apiiro-staging apiiro-staging bot mentioned this issue Aug 1, 2024
Open
This was referenced Oct 28, 2024
Closed
Closed
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@eduardosm @zonyitoo @philip-peterson @shelvacu @fralalonde @willfindlay @GuilleAmutio