Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please, release a new version #7

Open
eduardosm opened this issue Jun 1, 2020 · 6 comments
Open

Please, release a new version #7

eduardosm opened this issue Jun 1, 2020 · 6 comments

Comments

@eduardosm
Copy link

The implementation of the data and data_mut functions is highly unsafe:

rust-traitobject/src/lib.rs

Lines 13 to 22 in a8a36dc

pub unsafe fn data<T: ?Sized>(val: *const T) -> *const () {
*mem::transmute::<*const *const T, *const *const ()>(&val)
}
/// Get the data pointer from this trait object, mutably.
///
/// Highly unsafe, as there is no information about the type of the data.
pub unsafe fn data_mut<T: ?Sized>(mut val: *mut T) -> *mut () {
*mem::transmute::<*mut *mut T, *mut *mut ()>(&mut val)
}

This assumes that the first element is a fat pointer is the data pointer. This is currently true, but it can change in a newer rust version, which would make this crate a potential security hole.

Commit 99b1993 fixed this, but it has not been released into a new version. Please, publish a new version (0.1.1) that includes this commit (and possibly yank the previous versions).
@willfindlay
Copy link

@reem This is currently the subject of a security advisory. Would you consider addressing this?

@philip-peterson
Copy link

Because it seems this repository is unmaintained, I have forked it with the submitted patches and issues merged here: https://github.com/philip-peterson/destructure_traitobject

@ranweiler ranweiler mentioned this issue Oct 20, 2021
Closed
@zonyitoo
Copy link

zonyitoo commented Jun 7, 2022

@reem Hi, would you consider make a new release for this? There are many creates depending on this.

@GuilleAmutio
Copy link

@reem Hi, would you consider make a new release for this? There are many creates depending on this.

+1

This was referenced Sep 8, 2022
Open
Open
Open
Closed
Closed
Open
Closed
Closed
Open
Closed
Open
Open
@github-actions github-actions bot mentioned this issue Dec 12, 2022
Closed
@dfgweb dfgweb mentioned this issue Jan 20, 2023
Closed
@shelvacu
Copy link

As a workaround, put this in Cargo.toml:

[patch.crates-io]
traitobject = { git = "https://github.com/reem/rust-traitobject", rev = "b3471a15917b2caf5a8b27debb0b4b390fc6634f" }

to pull in the merged-but-never-released-on-cargo fix

shelvacu added a commit to consortium-chat/plutocradroid that referenced this issue Jan 22, 2023
@shelvacu
Dear Diary,
151debe 
AAAAAAAAAAAAAAAAA

rust-lang/cargo#9227

AAAAAAAAAAAAAAAAAAAAAAAAAAAA

reem/rust-traitobject#7

AAAAAAAAAAAAAAAAAAAAA

rwf2/Rocket#1815

and updated libs and fixed deprecation warnings from chrono
@github-actions github-actions bot mentioned this issue Mar 4, 2023
Closed
@fralalonde
Copy link

fralalonde commented Mar 10, 2023
edited
Loading

I've re-forked destructure_traitobject and made it useable for transitive patching of traitobject

Similar to @shelvacu 's previous workaround, put this in the top Cargo.toml:

[patch.crates-io]
traitobject = { git = "https://github.com/fralalonde/traitobject_patch", tag = "0.1.1" }

I'll do my best to keep it updated.

This fork also fixes warnings for Rust 2021 edition as identified in #8.

See https://github.com/fralalonde/traitobject_patch for details.

This was referenced Apr 4, 2023
Open
Open
This was referenced Apr 12, 2023
Closed
Closed
@github-actions github-actions bot mentioned this issue May 29, 2023
Open
@github-actions github-actions bot mentioned this issue Jan 24, 2024
Open
@apiiro-staging apiiro-staging bot mentioned this issue Aug 1, 2024
Open
This was referenced Oct 28, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@eduardosm @zonyitoo @philip-peterson @shelvacu @fralalonde @willfindlay @GuilleAmutio