GHSA-v363-rrf2-5fmj

Published: 17 Jan 2024
Source: github
GitHub: Reviewed

Description

ferris-says has undefined behavior when not using UTF-8

Affected versions receive a &[u8] from the caller through a safe API, and pass it directly to the unsafe str::from_utf8_unchecked function.

The behavior of ferris_says::say is undefined if the bytes from the caller don't happen to be valid UTF-8.

The flaw was corrected in ferris-says#21 by using the safe str::from_utf8 instead, and returning an error on invalid input. However, this fix has not yet been published to crates.io as a patch version for 0.2.

Separately, ferris-says#32 has introduced a different API for version 0.3 which accepts input as &str rather than &[u8], so is unaffected by this bug.
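
The unsound pattern described above, next to the two hardened forms (validate and return an error, or accept &str), as an added example that is not ferris-says's own code. The function names render_unsound, render_checked and render_str and the sample inputs are hypothetical.

```rust
// Hypothetical stand-in for the affected pattern: a safe signature that
// forwards caller bytes to an unchecked conversion. Because any safe caller
// can pass non-UTF-8 bytes, the function is unsound.
pub fn render_unsound(input: &[u8]) -> String {
    // SAFETY: not upheld. Nothing guarantees `input` is valid UTF-8.
    let text = unsafe { std::str::from_utf8_unchecked(input) };
    format!("< {} >", text)
}

// Hardened form: validate first and report invalid input as an error,
// the approach the advisory describes for the fix.
pub fn render_checked(input: &[u8]) -> Result<String, std::str::Utf8Error> {
    let text = std::str::from_utf8(input)?;
    Ok(format!("< {} >", text))
}

// Alternative hardening: accept `&str`, so validity is enforced by the type
// and the caller decides how to handle undecodable bytes.
pub fn render_str(input: &str) -> String {
    format!("< {} >", input)
}

fn main() {
    // Constructed sample inputs.
    let valid: &[u8] = b"Hello, Ferris!";
    let invalid: &[u8] = &[b'h', b'i', 0xff, 0xfe]; // 0xff never occurs in UTF-8

    // The unsound function is only exercised with valid bytes here.
    println!("{}", render_unsound(valid));
    println!("{:?}", render_checked(valid));

    match render_checked(invalid) {
        Ok(s) => println!("{}", s),
        // valid_up_to() tells the caller where decoding failed.
        Err(e) => println!("rejected: valid UTF-8 ends after {} bytes", e.valid_up_to()),
    }

    // A caller that wants lossy decoding has to ask for it explicitly.
    println!("{}", render_str(&String::from_utf8_lossy(invalid)));
}
```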

Packages

Name: ferris-says (rust)
Affected versions: >= 0.1.2, <= 0.2.1
Fixed version: None

Name: ferris-says (rust)
Affected versions: >= 0.3.0, < 0.3.1
Fixed version: 0.3.1