Reported

July 4, 2021

Issued

November 22, 2022 (last modified: July 8, 2023)

Package

atty (crates.io)

Type

INFO Unsound

Keywords

#unaligned-read

Aliases

• GHSA-g98v-hv3f-hcfr

References

• https://github.com/softprops/atty/issues/50
• https://github.com/softprops/atty/pull/51
• https://github.com/softprops/atty/issues/57

Patched

no patched versions

Affected OSes

• windows

Description

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.

atty is Unmaintained

A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

Last release of atty was almost 3 years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

• std::io::IsTerminal - Stable since Rust 1.70.0
• is-terminal - Standalone crate supporting Rust older than 1.70.0

Advisory available under CC0-1.0 license.