RUSTSEC-2019-0028

Unsound impl Follow for bool

Issued
Package: flatbuffers (crates.io)
Type: Vulnerability
Aliases
Details: https://github.com/google/flatbuffers/issues/5530
Patched
  • >=0.6.1
Unaffected
  • <0.4.0
Affected Functions (Version)
  • flatbuffers::Follow::follow: >=0.4.0, <=0.6.0

Description

The impl Follow for bool implementation allows arbitrary bytes to be reinterpreted as a bool.

In Rust, bool has stringent requirements for its in-memory representation. Using this function makes it possible to violate these requirements and invoke undefined behaviour in safe code.
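As an added illustration (not code from the flatbuffers crate or from this advisory): a Rust `bool` must be the byte 0x00 or 0x01, so a sound reader decodes the byte as `u8` and then validates or normalizes it instead of casting the pointer. The function and type names below are hypothetical, and the sample buffer is constructed.

```rust
// Added example; all names here are hypothetical, not the flatbuffers API.

// Unsound shape, shown only as a comment for contrast. It is a *safe* fn,
// yet any byte other than 0x00/0x01 at `loc` produces an invalid bool (UB):
//
//     pub fn follow_bool_unsound(buf: &[u8], loc: usize) -> bool {
//         unsafe { *(buf[loc..].as_ptr() as *const bool) }
//     }

/// Why a byte could not be decoded as a `bool`.
#[derive(Debug, PartialEq, Eq)]
pub enum BoolReadError {
    OutOfBounds { loc: usize, len: usize },
    InvalidByte { loc: usize, value: u8 },
}

/// Strict decoding: only the two valid bit patterns are accepted, so
/// malformed or attacker-supplied buffers are rejected with an error.
pub fn read_bool_strict(buf: &[u8], loc: usize) -> Result<bool, BoolReadError> {
    let byte = buf
        .get(loc)
        .copied()
        .ok_or(BoolReadError::OutOfBounds { loc, len: buf.len() })?;
    match byte {
        0 => Ok(false),
        1 => Ok(true),
        value => Err(BoolReadError::InvalidByte { loc, value }),
    }
}

/// Lenient decoding: C-style truthiness. The byte is compared as a `u8`,
/// so the resulting `bool` is always a valid value.
pub fn read_bool_lenient(buf: &[u8], loc: usize) -> Option<bool> {
    buf.get(loc).map(|&b| b != 0)
}

fn main() {
    // Constructed sample: valid false, valid true, two invalid patterns.
    let buf: [u8; 4] = [0x00, 0x01, 0x02, 0xff];
    for loc in 0..=buf.len() {
        let strict = read_bool_strict(&buf, loc);
        let lenient = read_bool_lenient(&buf, loc);
        println!("loc {}: strict={:?} lenient={:?}", loc, strict, lenient);
    }
}
```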
