1 file changed +32 -0 lines changed
1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " temporary"
5+ date = " 2018-08-22"
6+ url = " https://github.com/stainless-steel/temporary/issues/2"
7+ categories = [" memory-exposure" ]
8+ keywords = [" uninitialized-memory" ]
9+
10+ [versions ]
11+ patched = [" >= 0.6.4" ]
12+ unaffected = [" < 0.3.0" ]
13+ ```
14+
15+ # Use of uninitialized memory in temporary
16+
17+ Uninit memory is used as a RNG seed in temporary
18+
19+ The following function is used as a way to get entropy from the system, which does operations on and exposes uninit memory, which is UB.
20+
21+ ``` rust
22+ fn random_seed (_ : & Path , _ : & str ) -> [u64 ; 2 ] {
23+ use std :: mem :: uninitialized as rand;
24+ unsafe { [rand :: <u64 >() ^ 0x12345678 , rand :: <u64 >() ^ 0x87654321 ] }
25+ }
26+ ```
27+
28+ This has been resolved in the 0.6.4 release.
29+
30+ The crate is not intended to be used outside of a testing environment.
31+
32+ For a general purpose crate to create temporary directories, [ ` tempfile ` ] ( https://crates.io/crates/tempfile ) is an alternative for this crate.
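Review bot: The description at lines 17 and 19 says the function "exposes" uninitialized memory, and line 7 files the advisory under memory-exposure, but the text never says where the returned seed goes, so a reader cannot judge what is actually disclosed. Please add a sentence stating what `random_seed`'s output is used for. Lines 17 and 19 would also read better merged into one statement: that `random_seed` calls `std::mem::uninitialized::<u64>()` and XORs the result with constants, and that reading those values is undefined behaviour regardless of how the seed is used afterwards. Line 30 ("not intended to be used outside of a testing environment") has no source; link the crate documentation or issue where that is stated, or drop it.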