Fixed invariant violation in MemBio::get_buf with empty results #2266

Merged 1 commit on Jul 21, 2024

alex (Collaborator) commented Jul 21, 2024

Pointer arguments to `slice::from_raw_parts` are required to be non-null. (See https://davidben.net/2024/01/15/empty-slices.html for details.)

alex merged commit aef36e0 into sfackler:master Jul 21, 2024
61 checks passed
alex deleted the mem-bio-invariant branch July 21, 2024 12:59
doitian added a commit to doitian/ckb that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
```
    ┌─ /github/workspace/Cargo.lock:148:1
    │
148 │ openssl 0.10.55 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
doitian added a commit to doitian/ckb-cli that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```
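The invariant from the pull request description and the advisory text, as an added example that is not the rust-openssl code: `CBuf` and its methods are hypothetical stand-ins for a C-backed buffer that reports "no data" as a null pointer with length 0. It shows the unchecked pattern beside a hardened accessor that never passes null to `slice::from_raw_parts`.

```rust
use std::{ptr, slice};

/// Hypothetical stand-in for a C-backed memory buffer (not the openssl crate's type).
/// Like many C APIs, it reports "no data" as (NULL, 0).
pub struct CBuf {
    data: Option<Vec<u8>>,
}

impl CBuf {
    pub fn empty() -> Self { CBuf { data: None } }
    pub fn with(bytes: &[u8]) -> Self { CBuf { data: Some(bytes.to_vec()) } }

    /// Mimics a C accessor: returns pointer and length; the pointer is null when empty.
    fn raw_parts(&self) -> (*const u8, usize) {
        match &self.data {
            Some(v) => (v.as_ptr(), v.len()),
            None => (ptr::null(), 0),
        }
    }

    /// "Before" pattern: the pointer is passed through unchecked. With (NULL, 0)
    /// this violates from_raw_parts' non-null requirement, which is undefined
    /// behavior. Kept for comparison only; nothing in this example calls it.
    #[allow(dead_code)]
    pub fn get_buf_unchecked(&self) -> &[u8] {
        let (p, len) = self.raw_parts();
        unsafe { slice::from_raw_parts(p, len) }
    }

    /// Hardened accessor: an empty or null result becomes a safe empty slice.
    pub fn get_buf(&self) -> &[u8] {
        let (p, len) = self.raw_parts();
        if p.is_null() || len == 0 {
            &[]
        } else {
            // SAFETY: p is non-null and points to len initialized bytes owned by self.
            unsafe { slice::from_raw_parts(p, len) }
        }
    }
}

fn main() {
    assert!(CBuf::empty().get_buf().is_empty());
    assert_eq!(CBuf::with(b"pem").get_buf(), &b"pem"[..]);
}
```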