Skip to content

Potential unsound public API #40

New issue
New issue
Open
Open
Potential unsound public API#40
@charlesxsh

Description

@charlesxsh
charlesxsh
opened on Apr 24, 2025

Except the issues mentioned at #37,
At src/common.rs:76

    pub fn check_len(&self, n: usize) -> bool {
        unsafe { self.ptr.add(n) <= self.end }
    }

The index does have appropriate check and passed into pointer's add, which violates the safety requirements mentioned in document

Suggestion:

  1. use self.end minus self.ptr frist

Activity

Alexhuszagh

Alexhuszagh commented on Apr 24, 2025

@Alexhuszagh
Alexhuszagh
on Apr 24, 2025
Contributor

This crate unfortunately is unmaintained right now and these issues are documented extensively in the RUSTSEC advisory
https://rustsec.org/advisories/RUSTSEC-2024-0379.html

Hopefully a new version will be published.

charlesxsh

charlesxsh commented on Apr 24, 2025

@charlesxsh
charlesxsh
on Apr 24, 2025
Author

Thanks for the confirm and reply! I found thoese issues during the tool scanning as well and simply make a note for another issue not mentioned in the discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @charlesxsh@Alexhuszagh

        Issue actions
          Potential unsound public API · Issue #40 · aldanor/fast-float-rust