Fyrox has unsound usages of `Vec::from_raw_parts`

Low severity GitHub Reviewed Published Feb 14, 2025 to the GitHub Advisory Database • Updated Feb 14, 2025

Package

cargo fyrox-core (Rust)

Affected versions

>= 0.28.1, < 0.36

Patched versions

0.36

Description

The library provides a public safe API, `transmute_vec_as_bytes`, which incorrectly assumes that any generic type `T` has a stable layout. This exposes uninitialized memory if users pass a type with padding bytes as `T` and it is cast to a `u8` pointer.

In the issue, we develop a PoC showing that passing a struct type to `transmute_vec_as_bytes` can lead to undefined behavior with `Vec::from_raw_parts`.

The developers provided a patch that changes the trait bound from `Copy` to `Pod`, which ensures that `T` is plain data. This was patched in the latest version of the master branch, but is still not in the latest release (0.28.1).
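
As an added illustration (not code from the advisory or from Fyrox), the sketch below shows why a `Copy` bound is too weak for a byte view and what a `Pod`-style bound enforces. `PlainData`, `Padded`, `Packed`, `padding_bytes` and `as_bytes` are hypothetical names; `PlainData` is a local stand-in for a `Pod` marker trait.

```rust
use std::mem::{size_of, size_of_val};

/// Hypothetical stand-in for a `Pod`-style marker trait: implementors promise
/// that the type has no padding and that every bit pattern is a valid value.
/// It is `unsafe` because the compiler cannot verify that promise.
unsafe trait PlainData: Copy {}
unsafe impl PlainData for u8 {}
unsafe impl PlainData for u32 {}
unsafe impl PlainData for Packed {}

/// `Copy`, but not plain data: repr(C) inserts 3 padding bytes after `tag`,
/// and those bytes are never initialized.
#[allow(dead_code)]
#[repr(C)]
#[derive(Clone, Copy)]
struct Padded { tag: u8, value: u32 }

/// Same information with the padding made explicit: 4 + 1 + 3 bytes.
#[allow(dead_code)]
#[repr(C)]
#[derive(Clone, Copy)]
struct Packed { value: u32, tag: u8, reserved: [u8; 3] }

/// Bytes of `T` that are not covered by the listed field sizes, i.e. padding.
fn padding_bytes<T>(field_sizes: &[usize]) -> usize {
    size_of::<T>() - field_sizes.iter().sum::<usize>()
}

/// Byte view bounded on `PlainData` instead of `Copy`. Borrowing a slice also
/// leaves the allocation, with its original alignment, owned by the caller.
fn as_bytes<T: PlainData>(items: &[T]) -> &[u8] {
    // SAFETY: `PlainData` guarantees every byte is initialized, `u8` has
    // alignment 1, and the length covers exactly the memory of `items`.
    unsafe { std::slice::from_raw_parts(items.as_ptr() as *const u8, size_of_val(items)) }
}

fn main() {
    println!("Padded: {} padding bytes", padding_bytes::<Padded>(&[1, 4]));
    println!("Packed: {} padding bytes", padding_bytes::<Packed>(&[4, 1, 3]));
    // Constructed sample value, used only to show the byte view.
    let data = vec![Packed { value: 0x0102_0304, tag: 0xAA, reserved: [0; 3] }];
    println!("{:02x?}", as_bytes(&data));
    // as_bytes(&[Padded { tag: 1, value: 2 }]);
    // ^ does not compile: the trait bound `Padded: PlainData` is not satisfied.
}
```

With only a `Copy` bound, the commented-out call would compile and the returned bytes would include the three uninitialized padding bytes of `Padded`.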

References

Published to the GitHub Advisory Database Feb 14, 2025
Reviewed Feb 14, 2025
Last updated Feb 14, 2025

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-h7h7-6mx3-r89v
