RUSTSEC-2021-0068

Soundness issue in iced-x86 versions <= 1.10.3

Issued
Package
iced-x86 (crates.io)
Type
Vulnerability
Details
https://github.com/icedland/iced/issues/168
Patched
  • >1.10.3
Keywords
  • soundness
Affected Functions
Version
iced_x86::Decoder::new
  • <=1.10.3

Description

Versions of iced-x86 <= 1.10.3 invoke undefined behavior which may cause soundness issues in crates using the iced_x86::Decoder struct. The Decoder::new() function made a call to slice.get_unchecked(slice.length()) to get the end position of the input buffer. The flaw was fixed with safe logic that does not invoke undefined behavior.

More details can be found at https://github.com/icedland/iced/issues/168.

More