Memory safe violation by abusing `__private_get_type_id__` #336

Qwaz · 2019-11-13T21:37:22Z

I noticed that it is possible to cause type confusion in downcast by manually implementing __private_get_type_id__.

https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=ad66fe439660eb8373996bfd6bd7a835

Although the name of the function clearly shows that it is a private API, I believe a safe Rust program should not violate the memory safety guaranteed by Rust type system.

The text was updated successfully, but these errors were encountered:

Qwaz · 2019-11-13T22:14:21Z

Actually, the bug here looks very similar to what happened to the standard library:
https://rustsec.org/advisories/CVE-2019-12083.html

Informational advisory for rust-lang-deprecated/failure#336

Qwaz added a commit to Qwaz/advisory-db that referenced this issue Jun 28, 2020

Informational advisory for rust-lang-deprecated/failure#336

07b145d

Qwaz added a commit to Qwaz/advisory-db that referenced this issue Jun 28, 2020

Informational advisory for rust-lang-deprecated/failure#336

f81972e

Qwaz mentioned this issue Jun 29, 2020

Informational advisory for rust-lang-nursery/failure#336 rustsec/advisory-db#318

Merged

Shnatsel added a commit to rustsec/advisory-db that referenced this issue Aug 14, 2020

Merge pull request #318 from Qwaz/failure-336

1837ccc

Informational advisory for rust-lang-deprecated/failure#336

This was referenced Mar 10, 2021

address issues related to third-party library: proc-maps microsoft/onefuzz#655

Closed

ignore RUSTSEC-2019-0036 microsoft/onefuzz#656

Merged

roblabla mentioned this issue Aug 27, 2021

Release new version without failure dep aisk/rust-ping#2

Closed

This was referenced Jun 10, 2022

Remove 'failure' dep in favor of 'thiserror' japaric/rustc-cfg#15

Merged

Replace 'failure' dep with 'thiserror' japaric/cargo-project#13

Merged

8573 mentioned this issue Jun 26, 2022

RUSTSEC-2020-0036 is informational. Is it really also "CRITICAL"? rustsec/advisory-db#1270

Closed

github-actions bot mentioned this issue May 27, 2023

RUSTSEC-2019-0036: Type confusion if __private_get_type_id__ is overridden stackabletech/zookeeper-operator#690

Open

Allen-Webb mentioned this issue Jun 22, 2023

dependency failure is deprecated mtp401/protoc-grpcio#40

Open

tamird mentioned this issue Aug 9, 2023

Remove 'failure' in favor of 'anyhow' aya-rs/rustc-llvm-proxy#21

Merged

github-actions bot mentioned this issue Nov 26, 2023

RUSTSEC-2019-0036: Type confusion if __private_get_type_id__ is overridden Wenzel/xenctrl#54

Open

github-actions bot mentioned this issue Nov 9, 2024

RUSTSEC-2019-0036: Type confusion if __private_get_type_id__ is overridden witnet/witnet-rust#2511

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Memory safe violation by abusing `__private_get_type_id__` #336

Memory safe violation by abusing `__private_get_type_id__` #336

Qwaz commented Nov 13, 2019

Qwaz commented Nov 13, 2019

Memory safe violation by abusing __private_get_type_id__ #336

Memory safe violation by abusing __private_get_type_id__ #336

Comments

Qwaz commented Nov 13, 2019

Qwaz commented Nov 13, 2019

Memory safe violation by abusing `__private_get_type_id__` #336

Memory safe violation by abusing `__private_get_type_id__` #336