When auditing changes to `cc`, I found a theoretical panic safety issue at 227b770#diff-fbc116db4f047e6e29dac1fc3c5a5f1f759060e9558aff5707624841b57c5258R123-R128 . As an optimization, the code extends the length of the buffer to its capacity (which will cause it to include uninitialized data), and relies on it being set back to contain only initialized data in all code paths. If `stderr.read` panics and that panic is caught by a caller of `forward_available`, then the inner buffer of `StderrForwarder` will still contain uninitialized data. I don't think it is likely that this can be triggered maliciously, hence the public issue.
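The panic-safety gap described above can be closed with a drop guard that restores the buffer length on every exit path, including unwinding. This is an added example, not code from `cc` or from the issue author: `PanickingReader`, `LenGuard`, `read_guarded`, `read_unguarded` and `len_after_caught_panic` are hypothetical names, and the spare capacity is zero-filled with `resize` instead of being exposed through `set_len`, so the demonstration stays in safe Rust while showing the same stale-length problem.

```rust
use std::io::{self, Read};
use std::panic::{catch_unwind, AssertUnwindSafe};

// Hypothetical reader whose `read` panics, standing in for a misbehaving `Read` impl.
struct PanickingReader;
impl Read for PanickingReader {
    fn read(&mut self, _buf: &mut [u8]) -> io::Result<usize> {
        panic!("constructed panic inside read")
    }
}

// Truncates the buffer back to its valid length when dropped, also during unwinding.
struct LenGuard<'a> { buf: &'a mut Vec<u8>, valid: usize }
impl Drop for LenGuard<'_> {
    fn drop(&mut self) { self.buf.truncate(self.valid); }
}

// Grow `buf` to capacity, read into the spare region, keep only the bytes read.
// Assumption: spare capacity is zero-filled (safe) rather than exposed via `set_len`.
fn read_guarded<R: Read>(buf: &mut Vec<u8>, src: &mut R) -> io::Result<usize> {
    let (valid, cap) = (buf.len(), buf.capacity());
    buf.resize(cap, 0);
    let mut guard = LenGuard { buf, valid };
    let n = src.read(&mut guard.buf[valid..])?;
    guard.valid += n; // commit new bytes only after `read` returned successfully
    Ok(n)
}

// Same growth step without a guard: a panic in `read` leaves the inflated length behind.
fn read_unguarded<R: Read>(buf: &mut Vec<u8>, src: &mut R) -> io::Result<usize> {
    let (valid, cap) = (buf.len(), buf.capacity());
    buf.resize(cap, 0);
    let n = src.read(&mut buf[valid..])?;
    buf.truncate(valid + n);
    Ok(n)
}

// Buffer length observed by a caller that caught the panic (constructed 9-byte prefix).
fn len_after_caught_panic(guarded: bool) -> usize {
    let mut buf = Vec::with_capacity(64);
    buf.extend_from_slice(b"warning: ");
    let _ = catch_unwind(AssertUnwindSafe(|| {
        if guarded { read_guarded(&mut buf, &mut PanickingReader) }
        else { read_unguarded(&mut buf, &mut PanickingReader) }
    }));
    buf.len()
}

fn main() {
    println!("guarded: {}, unguarded: {}", len_after_caught_panic(true), len_after_caught_panic(false));
}
```

With the guard, a caller that catches the panic sees only the 9 valid bytes; without it, the buffer keeps its capacity-sized length and the padding would be treated as data.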