Reported

April 9, 2026

Issued

April 11, 2026

Package

rand (crates.io)

Type

INFO Unsound

References

• https://github.com/rust-random/rand/pull/1763

Patched

• >=0.10.1
• <0.10.0, >=0.9.3

Unaffected

• <0.7.0

Affected Functions

Version

rand::rng

• >=0.9.0

rand::thread_rng

• <0.10.0, >=0.7.0

Description

It has been reported (by @lopopolo) that the rand library is unsound (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:

• The log and thread_rng features are enabled
• A custom logger is defined
• The custom logger accesses rand::rng() (previously rand::thread_rng()) and calls any TryRng (previously RngCore) methods on ThreadRng
• The ThreadRng (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
• Trace-level logging is enabled or warn-level logging is enabled and the random source (the getrandom crate) is unable to provide a new seed

TryRng (previously RngCore) methods for ThreadRng use unsafe code to cast *mut BlockRng<ReseedingCore> to &mut BlockRng<ReseedingCore>. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of aliased mutable references is Undefined Behaviour, the behaviour of optimized builds is hard to predict.

Affected versions of rand are >= 0.7, < 0.9.3 and 0.10.0.

Advisory available under CC0-1.0 license.