- Reported
-
- Issued
-
- Package
-
hyper
(crates.io)
- Type
-
INFO
Unsound
- Details
-
https://github.com/hyperium/hyper/pull/2545
- Patched
-
Description
Affected versions of this crate called mem::uninitialized()
in the HTTP1 parser to create values of type httparse::Header
(from the httparse
crate).
This is unsound, since Header
contains references and thus must be non-null.
The flaw was corrected by avoiding the use of mem::uninitialized()
, using MaybeUninit
instead.