RUSTSEC-2026-0133

Invalid pointer arithmetic in iter() and iter_mut()

Reported

May 2, 2026

Issued

May 13, 2026

Package

auto_vec (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Keywords

#out-of-bounds #pointer-arithmetic

References

https://github.com/lluvz/AutoVec/issues/1

Patched

no patched versions

Description

The iter() and iter_mut() APIs compute current = (&children[0] as *const *const RawAutoChild).sub(1), which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules.

This can be triggered through safe public APIs — iter() and iter_mut() — with no unsafe required from the caller.

Advisory available under CC0-1.0 license.