- Reported
-
- Issued
-
- Package
-
diesel
(crates.io)
- Type
-
INFO
Unsound
- References
-
- Patched
-
- Affected Functions
- Version
diesel::deserialize::FromSql::<Text,Sqlite>::from_sql-
diesel::sqlite::SqliteValue::read_str-
Description
Diesel uses the sqlite3_value_text function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as *const c_char. Based on that we used str::from_utf8_unchecked to construct a Rust string slice without any additional UTF-8 checks in place. It turned out that this function doesn't always return correct UTF-8 strings. For field of the SQLite side storage type BLOB this pointer can contain arbitrary bytes, which makes the usage of str::from_utf8_unchecked unsound as this violates the safety contract of str to only contain valid UTF-8 encoded Strings.
Mitigation
The preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.
Resolution
Diesel now correctly checks whether the provides byte buffer is actually valid UTF-8, instead of relying on SQLite's documentation. This fix is included in the 2.3.8 release.
Advisory available under CC0-1.0
license.