Closed Mark-Simulacrum closed 1 year ago
https://github.com/rust-lang/rust/pull/98112 doesn't seem to have an FCP for doing this, which makes some sense (it's just "exploiting" UB).
@saethlin did we file PRs against the relevant crates which break the most transitive tests at least? e.g., rand_core 0.2.x, 0.3.x, 0.4.x seem to be a good fraction of this list. There are a few more crates that seem to stand out too (e.g., plotters-bitmap).
We did not make any effort to file fixes for the relevant crates.
The rand_core issue in 0.4 has been patched for about 4 years: https://github.com/rust-random/rand/pull/783. Then it looks to me like rand does the semver trick, so I think they pulled the fix into 0.3 and 0.2, based on spot checking.
The plotters-bitmap issue was patched a few weeks ago, it's just not released yet: https://github.com/plotters-rs/plotters/pull/467
The only things I think are significant are:
An issue in an old version (almost 4 years old) of wasmtime-runtime, https://crater-reports.s3.amazonaws.com/beta-1.70-2/beta-2023-05-08/gh/rohankumardubey.wizer/log.txt
Multiple crates hitting an issue in kamadak-exif-0.3.1:
https://crater-reports.s3.amazonaws.com/beta-1.70-2/beta-2023-05-08/reg/quad-image-0.1.1/log.txt
https://crater-reports.s3.amazonaws.com/beta-1.70-2/beta-2023-05-08/gh/jondot.rawsort/log.txt
https://crater-reports.s3.amazonaws.com/beta-1.70-2/beta-2023-05-08/gh/senden9.geo_fence/log.txt
This issue was patched 4 years ago in https://github.com/kamadak/exif-rs/commit/288a7e85c58caa9f041d7ad6937867478ba780c4 but there isn't a semver-compatible update available.
I don't think these are worth doing anything with. All we could do here is ask maintainers to backport fixes.
Sounds like that's right. The main thing we usually try to ensure is that there is some upgrade path, especially for common code, and I think this covers most of that. Plus it technically won't affect non-debug builds, so users have that escape hatch too.
I'm fine leaving this as-is.
I think the ipconfig crate is affected by this: https://github.com/liranringel/ipconfig/issues/53
thread '<redacted>' panicked at 'misaligned pointer dereference: address must be a multiple of 0x8 but is 0x189f604', C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\ipconfig-0.3.1\src\adapter.rs:293:23
@Mark-Simulacrum Should this issue stay open? I don't think we have an actual regression here.
Yeah, I think we can close this.
A bunch of these seem to come from rand_core 0.2.1, 0.3.0, and 0.4.0 code (not sure if we can fix it there?)
Not rand_core:
cc https://github.com/rust-lang/rust/pull/98112