Описание
Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer
The safe function create_ring_buffer allocates a buffer using Vec::with_capacity followed by set_len, creating a Box<[T]> containing uninitialized memory.
This leads to undefined behavior when functions like write_slices create typed slices (e.g., &mut [bool]) over the uninitialized memory, violating Rust's validity invariants. The issue has been confirmed using Miri.
Fixed in version 0.2.2 by using resize_with to properly initialize the buffer with T::default(), adding a T: Default bound to ensure sound initialization.
Пакеты
Наименование
direct_ring_buffer
rust
Затронутые версииВерсия исправления
< 0.2.2
0.2.2
2 Low
CVSS4
Дефекты
CWE-908
2 Low
CVSS4
Дефекты
CWE-908