Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added advisory for arrow2::ffi::Ffi_ArrowArray double free #1204

Merged
merged 3 commits into from
Mar 4, 2022
Merged

Added advisory for arrow2::ffi::Ffi_ArrowArray double free #1204

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5958d4a
Added advisory for Arrow2 FFI_ArrowArray
jorgecarleitao Mar 4, 2022
2b7015d
add "memory-corruption" category
Shnatsel Mar 4, 2022
e699b2e
Fix version
jorgecarleitao Mar 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions crates/arrow2/RUSTSEC-0000-0000.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "arrow2"
date = "2022-03-04"
url = "https://github.com/jorgecarleitao/arrow2/issues/880"
categories = []

[versions]
patched = [">= 0.7.2, < 0.8", ">= 0.8.1, < 0.9", ">= 0.9.2, < 0.10"]
```

# Arrow2 allows double free in `safe` code

The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with
its custom implementation of `Drop`, resulting in a double free when cloned.

Cloning this struct in `safe` results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either:
* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or
* migrate to a more recent version of the crate (when using `<0.7`).

Doing so elimitates this vulnerability (code no longer compiles).