

RUSTSEC-2026-0202

let_cxx_string! uses uninitialized value due to exception safety violations

Reported
Issued
Package: cxx (crates.io)
Type: INFO Unsound
Categories
Keywords: #exception #unwind
References
Patched:
  • >=1.0.195
Affected Functions (Version):
  • cxx::let_cxx_string: <1.0.195

Description

In affected versions of this crate, let_cxx_string! is not exception safe. The macro creates the StackString first and only then evaluates match $value. If that evaluation panics, the content of the StackString has not yet been initialized, but the drop implementation of StackString unconditionally deinitializes the content, leading to use of an uninitialized value.

The soundness issue was fixed in version 1.0.195 by moving the drop logic into a separate drop guard that is created after the StackString is initialized.
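The flawed and fixed shapes described above, modelled as an added example that is not the cxx crate's code. Flawed, Guard and the init flag are constructed names; the flag exists only so the demonstration counts the destructor call on an uninitialized slot instead of performing it.

```rust
use std::cell::Cell;
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};

// Constructed model of the pattern in the advisory; not the cxx crate's code.
struct Flawed<'a> {
    value: MaybeUninit<String>,
    init: bool, // instrumentation only, so the demo never touches uninit memory
    uninit_drops: &'a Cell<u32>,
}
impl Drop for Flawed<'_> {
    fn drop(&mut self) { // flawed shape: armed before `value` is written
        match self.init {
            true => unsafe { self.value.assume_init_drop() },
            // An unconditional destructor would read uninitialized memory here.
            false => self.uninit_drops.set(self.uninit_drops.get() + 1),
        }
    }
}

// Fixed shape: the slot has no Drop; the guard is created only after the write.
struct Guard<'a>(&'a mut MaybeUninit<String>);
impl Drop for Guard<'_> {
    fn drop(&mut self) { unsafe { self.0.assume_init_drop() } } // guard implies init
}

fn flawed(make: impl FnOnce() -> String, uninit_drops: &Cell<u32>) -> usize {
    let mut slot = Flawed { value: MaybeUninit::uninit(), init: false, uninit_drops };
    slot.value.write(make()); // a panic in make() unwinds through Flawed::drop
    slot.init = true;
    unsafe { slot.value.assume_init_ref().len() }
}

fn fixed(make: impl FnOnce() -> String) -> usize {
    let mut slot = MaybeUninit::<String>::uninit();
    slot.write(make()); // a panic in make() unwinds with nothing to destroy
    let guard = Guard(&mut slot);
    unsafe { guard.0.assume_init_ref().len() }
}

// Returns how many destructor calls hit a never-initialized slot after a panic.
fn uninit_drops_on_panic(use_fixed: bool) -> u32 {
    let count = Cell::new(0);
    let boom = || -> String { panic!("value expression panicked") };
    let _ = catch_unwind(AssertUnwindSafe(|| {
        if use_fixed { fixed(boom) } else { flawed(boom, &count) }
    }));
    count.get()
}
```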

Advisory available under CC0-1.0 license.