sile / libflate

A Rust implementation of DEFLATE algorithm and related formats (ZLIB, GZIP)
https://docs.rs/libflate
MIT License
178 stars 35 forks

UB in the public safe API - where to report? #63

Closed jorgecarleitao closed 2 years ago

jorgecarleitao commented 2 years ago

I was able to trigger undefined behavior (according to MIRI) using the public safe API of libflate (v1.1.1). Is there a private channel where this can be communicated and discussed, or is it OK to report it here?

jorgecarleitao commented 2 years ago

After some investigations, the UB is being triggered on the dependency rle-decode-fast. Closing this. Sorry for the noise :/

sile commented 2 years ago

Don't mind. Thank you anyway😄

jorgecarleitao commented 2 years ago

fwiw, our CI has been getting MIRI failures from rle-decode-fast for some time now. Together with dark-arts folks, we were able to identify the root cause and have a fix: https://github.com/WanzenBug/rle-decode-helper/pull/8 . Unfortunately, the crate seems unmaintained. Is there a path forward here?

sile commented 2 years ago

It seems the issue mentioned in the above comment has already been resolved 🎉