RUSTSEC-2023-0047
(unsound)
on 2023-06-26: impl
FromMdbValue for bool is unsound
This crate has no reviews yet. To add a review, set up your cargo-crev.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open lmdb-rs. Alternatively, you can download the tarball of lmdb-rs v0.7.6 or view the source online.
The implementation of
FromMdbValuehave several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of reproducing the bug were included in url above.GHSA-f9g6-fp84-fv92