When auditing changes to cc, I found a theoretical panic safety issue at https://github.com/rust-lang/cc-rs/commit/227b770f1d52d3e538f0bdfbe3636acb58ccb87d#diff-fbc116db4f047e6e29dac1fc3c5a5f1f759060e9558aff5707624841b57c5258R123-R128 . As an optimization, the code extends the length of the buffer to its capacity (which will cause it to include uninitialized data), and relies on it being set back to contain only initialized data in all code paths. If stderr.read panics and that panic is caught by a caller of forward_available, then the inner buffer of StderrForwarder will still contain uninitialized data. I don't think it is likely that this can be triggered maliciously, hence the public issue.
When auditing changes to
cc
, I found a theoretical panic safety issue at https://github.com/rust-lang/cc-rs/commit/227b770f1d52d3e538f0bdfbe3636acb58ccb87d#diff-fbc116db4f047e6e29dac1fc3c5a5f1f759060e9558aff5707624841b57c5258R123-R128 . As an optimization, the code extends the length of the buffer to its capacity (which will cause it to include uninitialized data), and relies on it being set back to contain only initialized data in all code paths. Ifstderr.read
panics and that panic is caught by a caller offorward_available
, then the inner buffer ofStderrForwarder
will still contain uninitialized data. I don't think it is likely that this can be triggered maliciously, hence the public issue.