- Reported
-
- Issued
-
- Package
-
i_tree
(crates.io)
- Type
-
INFO
Unsound
- References
-
- Patched
-
- Affected Functions
- Version
i_tree::tree::Tree::mut_node
-
i_tree::tree::Tree::node
-
Description
Affected versions of i_tree exposed safe public Tree::node and Tree::mut_node methods in the public tree module. These methods accepted an arbitrary u32 index and passed it directly to Vec::get_unchecked / get_unchecked_mut on the internal node buffer, without validating that the index was in bounds.
Because these methods were safe and public, a caller could pass an out-of-bounds index without writing any unsafe code, producing an out-of-bounds shared or mutable reference and triggering undefined behavior.
Starting with 0.10.0 the crate was restructured and these accessors are no longer reachable from outside the crate.
Advisory available under CC0-1.0
license.