Linkme is unsound (coercion fools typecheck) (#1917)

rustsec · Dec 4, 2024 · 21b0e0a · 21b0e0a
1 parent df039a7
commit 21b0e0a
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/crates/linkme/RUSTSEC-0000-0000.md b/crates/linkme/RUSTSEC-0000-0000.md
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "linkme"
+date = "2024-03-05"
+url = "https://github.com/dtolnay/linkme/issues/82"
+informational = "unsound"
+
+[versions]
+patched = [">= 0.3.24"]
+```
+
+# Fails to ensure slice elements match the slice's declared type
+
+Affected versions allow populating a DistributedSlice of T with elements of an
+arbitrary other type that coerces to T. For example, elements of type `&&str`
+could end up in a slice of type `[&str]`, since `&&str` coerces to `&str` via a
+deref coercion.
+
+The flaw was corrected by implementing typechecking for distributed slice
+elements in such a way that coercion no longer occurs. The element's type must
+be a subtype of the slice's declared element type.