From f224c341c3c76c17ede1443c65a503ed1044b504 Mon Sep 17 00:00:00 2001 From: Ingvar Stepanyan Date: Sat, 28 Dec 2024 16:59:24 +0000 Subject: [PATCH 1/3] Report unsoundness in fitsrs --- crates/fitsrs/RUSTSEC-0000-0000.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 crates/fitsrs/RUSTSEC-0000-0000.md diff --git a/crates/fitsrs/RUSTSEC-0000-0000.md b/crates/fitsrs/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..3295cc1bd --- /dev/null +++ b/crates/fitsrs/RUSTSEC-0000-0000.md @@ -0,0 +1,18 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "fitsrs" +date = "2024-12-28" +url = "https://github.com/cds-astro/fitsrs/issues/5" +references = ["https://github.com/betrusted-io/xous-core/pull/411"] +categories = [] +keywords = [] +informational = "unsound" +``` + +# Unsound mutable aliasing to immutable data + +There are muliple cases in the codebase, like the [snippet referenced in the issue](https://github.com/cds-astro/fitsrs/blob/5609d8fbb2add2cea207f20ee89117d1f7100b87/src/hdu/data/image.rs#L43-L46), where `unsafe` is used to circumvent aliasing rules. + +Immutable inputs are being cast to mutable inputs by using a combination of raw pointers and `UnsafeCell` as intermediate types. + +This is undefined behaviour by itself, but in some cases also results in multiple references - some immutable and some mutable - referring to the same input. From 07c0fe37cb5f3797a8201a2986afd3ae8d20e768 Mon Sep 17 00:00:00 2001 From: Ingvar Stepanyan Date: Sun, 29 Dec 2024 23:55:45 +0000 Subject: [PATCH 2/3] Fix front matter --- crates/fitsrs/RUSTSEC-0000-0000.md | 1 + 1 file changed, 1 insertion(+) diff --git a/crates/fitsrs/RUSTSEC-0000-0000.md b/crates/fitsrs/RUSTSEC-0000-0000.md index 3295cc1bd..bfaa64859 100644 --- a/crates/fitsrs/RUSTSEC-0000-0000.md +++ b/crates/fitsrs/RUSTSEC-0000-0000.md @@ -1,3 +1,4 @@ +```toml [advisory] id = "RUSTSEC-0000-0000" package = "fitsrs" From c9341371a56d839006d957a2d0a2ab308c76a8e1 Mon Sep 17 00:00:00 2001 From: Ingvar Stepanyan Date: Tue, 31 Dec 2024 12:51:05 +0000 Subject: [PATCH 3/3] Add empty versions.patched --- crates/fitsrs/RUSTSEC-0000-0000.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crates/fitsrs/RUSTSEC-0000-0000.md b/crates/fitsrs/RUSTSEC-0000-0000.md index bfaa64859..1a3267ffb 100644 --- a/crates/fitsrs/RUSTSEC-0000-0000.md +++ b/crates/fitsrs/RUSTSEC-0000-0000.md @@ -8,6 +8,9 @@ references = ["https://github.com/betrusted-io/xous-core/pull/411"] categories = [] keywords = [] informational = "unsound" + +[versions] +patched = [] ``` # Unsound mutable aliasing to immutable data