Reported

March 4, 2023

Issued

March 4, 2023 (last modified: June 13, 2023)

Package

maligned (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

Keywords

#unsound #alloc #align

Aliases

• GHSA-wm8x-php5-hvq6

References

• https://github.com/tylerhawkes/maligned/issues/5

Patched

no patched versions

Affected Functions

Version

maligned::align_first

• *

maligned::align_first_boxed

• *

maligned::align_first_boxed_cloned

• *

maligned::align_first_boxed_default

• *

Description

maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec<T>.

GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory.

When deallocating, Box and Vec may not respect the specified alignment and can cause undefined behavior.

Advisory available under CC0-1.0 license.