Added advisory for arrow2::ffi::Ffi_ArrowArray double free (#1204)

* Added advisory for Arrow2 FFI_ArrowArray * add "memory-corruption" category * Fix version Co-authored-by: Sergey "Shnatsel" Davidoff <[email protected]>
rustsec · Mar 4, 2022 · 7b3eed6 · 7b3eed6
1 parent 616ecfe
commit 7b3eed6
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/crates/arrow2/RUSTSEC-0000-0000.md b/crates/arrow2/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "arrow2"
+date = "2022-03-04"
+url = "https://github.com/jorgecarleitao/arrow2/issues/880"
+categories = ["memory-corruption"]
+
+[versions]
+patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10"]
+```
+
+# Arrow2 allows double free in `safe` code
+
+The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with
+its custom implementation of `Drop`, resulting in a double free when cloned.
+
+Cloning this struct in `safe` results in a segmentation fault, which is unsound.
+
+This derive was removed from this struct. All users are advised to either:
+* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or
+* migrate to a more recent version of  the crate (when using `<0.7`).
+
+Doing so elimitates this vulnerability (code no longer compiles).