Commit d728ab3

nyw0102 and Shnatsel authored
Add advisory for segmentation fault in fast-float and fast-float2 (#2192)
* Add advisory for segmentation fault in fast-float
* Add advisory for segmentation fault in fast-float2
* Note that access is read-only and that a patch is available
* Same for fast-float2

Co-authored-by: Sergey "Shnatsel" Davidoff <[email protected]>
1 parent ffa2670 commit d728ab3

2 files changed

+42
-0
lines changed

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
```toml
2+
[advisory]
3+
id = "RUSTSEC-0000-0000"
4+
package = "fast-float"
5+
date = "2025-01-13"
6+
url = "https://github.com/aldanor/fast-float-rust/issues/38"
7+
categories = ["memory-exposure"]
8+
9+
[affected]
10+
functions = { "fast_float::common::AsciiStr::first" = ["*"] }
11+
12+
[versions]
13+
patched = []
14+
```
15+
# Segmentation fault due to lack of bound check
16+
In this case, the "fast_float::common::AsciiStr::first" method within the "AsciiStr" struct
17+
uses the unsafe keyword to reading from memory without performing bounds checking.
18+
Specifically, it directly dereferences a pointer offset by "self.ptr".
19+
Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input.
20+
This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided.
21+
22+
No patched version for fast-float crate has been released, but a patch is available in the fast-float2 fork.
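Review bot: The description on lines 16 to 20 never says that the out-of-bounds access is a read, which is what `categories = ["memory-exposure"]` implies and what someone triaging this advisory needs to know; state it explicitly (for example "performs an out-of-bounds read when given an empty input"). Line 22 points to the fast-float2 fork without naming a version, while the sibling advisory lists `patched = [">=0.2.2"]`, so name 0.2.2 here as the migration target. Wording on line 17: "uses the unsafe keyword to reading" should be "uses `unsafe` to read".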
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
```toml
2+
[advisory]
3+
id = "RUSTSEC-0000-0000"
4+
package = "fast-float2"
5+
date = "2025-01-13"
6+
url = "https://github.com/aldanor/fast-float-rust/issues/38"
7+
categories = ["memory-exposure"]
8+
9+
[affected]
10+
functions = { "fast_float2::common::AsciiStr::first" = ["<0.2.2"] }
11+
12+
[versions]
13+
patched = [">=0.2.2"]
14+
```
15+
# Segmentation fault due to lack of bound check
16+
In this case, the "fast_float2::common::AsciiStr::first" method within the "AsciiStr" struct
17+
uses the unsafe keyword to reading from memory without performing bounds checking.
18+
Specifically, it directly dereferences a pointer offset by "self.ptr".
19+
Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input.
20+
This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided.
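Review bot: `url` on line 6 points at the aldanor/fast-float-rust issue, which is the original crate's tracker, and the body ends on line 20 without saying that a fix exists, even though `patched = [">=0.2.2"]` records one; add a closing sentence telling users to upgrade to 0.2.2 or later, and reference the fix in the fork if there is a public link for it. The phrase `dereferences a pointer offset by "self.ptr"` on line 18 is also unclear: say which pointer is read and that no length check precedes the read, and open the description without "In this case", which has no antecedent in a standalone advisory.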