RUSTSEC-2021-0022: yottadb: Use-after-free in `subscript_next` and `subscript_prev` wrappers


Affected versions of this crate had an unsound implementation which could pass a pointer to freed memory to ydb_subscript_next_st and ydb_subscript_prev_st if the variable and subscripts did not have enough memory allocated on the first call to hold the next variable in the database.

For example, the following code had undefined behavior:

let mut key = Key::variable(String::from("a"));
    .set_st(YDB_NOTTP, Vec::new(), b"some val")
key.sub_next_self_st(YDB_NOTTP, Vec::new()).unwrap();

yottadb has no reverse-dependencies on and there are no known instances of this API being used incorrectly in practice. The fix is backwards compatible.

The flaw was corrected by recalculating the pointer each time it was reallocated.

More Info

Patched Versions