jeaye / ncurses-rs

A low-level ncurses wrapper for Rust

`printw` should not be exposed. #172

Closed thomcc closed 5 years ago

thomcc commented 5 years ago

It's very difficult / impossible to use this function from Rust without introducing a format string vulnerability into your code (which can be used to trigger arbitrary code execution).

If you must expose something like it, have it just call addstr or mark it as unsafe (and deprecate it in both cases, IMO).

See also: #149 and #125.

thomcc commented 5 years ago

This function still should have been marked as unsafe, since it's trivial to cause an exploitable memory safety issue when calling it...

Shnatsel commented 5 years ago

Deprecation is definitely insufficient because it's not transitive, and more importantly, people do not expect "deprecated" to mean "using this may cause memory errors". However, that's exactly what unsafe fn communicates.

This is a serious security issue - such bugs can be easily exploited to get remote code execution. Please mark printw as unsafe fn and release an updated version. This is a breaking change, but I don't see a way to fix the exploit in a semver-compatible way.
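The two wrapper shapes the thread contrasts, as an added example that is not ncurses-rs code: libc's `snprintf` stands in for `printw` so it runs without a terminal, and the function names (`format_unchecked`, `format_literal`, `contains_conversion`) are my own.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::{c_char, c_int};

extern "C" {
    // Variadic C function: the format string decides how many arguments are read.
    fn snprintf(buf: *mut c_char, size: usize, fmt: *const c_char, ...) -> c_int;
}

const BUF_LEN: usize = 256;

/// Same shape as a `printw(s)` wrapper: `s` itself becomes the C format string.
///
/// # Safety
/// `fmt` must contain no conversion specifier other than `%%`. No arguments
/// are supplied, so any `%s`, `%x`, `%n`, ... makes the C side read (or, with
/// `%n`, write through) values that were never passed.
pub unsafe fn format_unchecked(fmt: &str) -> String {
    let c_fmt = CString::new(fmt).expect("interior NUL");
    let mut buf = vec![0 as c_char; BUF_LEN];
    snprintf(buf.as_mut_ptr(), BUF_LEN, c_fmt.as_ptr());
    CStr::from_ptr(buf.as_ptr()).to_string_lossy().into_owned()
}

/// Safe counterpart: a fixed "%s" format with `text` as its one argument, so
/// `%` sequences in `text` come out literally (the `addstr`-style alternative).
pub fn format_literal(text: &str) -> String {
    let c_text = CString::new(text).expect("interior NUL");
    let c_fmt = CString::new("%s").unwrap();
    let mut buf = vec![0 as c_char; BUF_LEN];
    // SAFETY: constant "%s" format and exactly one matching C-string argument.
    unsafe {
        snprintf(buf.as_mut_ptr(), BUF_LEN, c_fmt.as_ptr(), c_text.as_ptr());
        CStr::from_ptr(buf.as_ptr()).to_string_lossy().into_owned()
    }
}

/// Audit helper: true if `s`, used as a format string, would consume arguments
/// (any `%` that is not escaped as `%%`).
pub fn contains_conversion(s: &str) -> bool {
    let b = s.as_bytes();
    let mut i = 0;
    while i < b.len() {
        if b[i] == b'%' {
            if i + 1 < b.len() && b[i + 1] == b'%' { i += 2; continue; }
            return true;
        }
        i += 1;
    }
    false
}
```

`format_literal` is what a `printw`-like wrapper should do internally; `format_unchecked` exists only to show why the thread asks for `unsafe fn` rather than `#[deprecated]`.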