Skip to content

Commit

Permalink
Added advisory for Arrow2 FFI_ArrowArray
Browse files Browse the repository at this point in the history
  • Loading branch information
@jorgecarleitao
jorgecarleitao committed Mar 4, 2022
1 parent 616ecfe commit 6b5b96e
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions crates/arrow2/RUSTSEC-0000-0000.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "arrow2"
date = "2022-03-04"
url = "https://github.com/jorgecarleitao/arrow2/issues/880"
categories = ["double-free"]

[versions]
patched = [">= 0.7.2, < 0.8", ">= 0.8.1, < 0.9", ">= 0.9.2, < 0.10"]
```

# Arrow2 allows double free in `safe` code

The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with
its custom implementation of `Drop`, resulting in a double free when cloned.

Cloning this struct in `safe` results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either:
* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or
* migrate to a more recent version of the crate (when using `<0.7`).

Doing so elimitates this vulnerability (code no longer compiles).

0 comments on commit 6b5b96e

Please sign in to comment.