Undefined behavior in renderdoc crate #147

Merged: 3 commits, Sep 3, 2019

ebkalderon
Contributor

While updating the renderdoc-rs bindings a few months ago, I had identified several methods that were taking an immutable reference to `self` but were actually making internally mutating RenderDoc API calls, which could potentially lead to undefined behavior.

This issue was corrected in the 0.5.0 release, and it was recently suggested that I file a public advisory here, which was a very good idea.

I would appreciate any feedback in reporting this advisory properly, and I hope to report any such cases in a more timely manner in the future.

@ebkalderon changed the title from "Mutating methods exposed as immutable &self in renderdoc crate" to "Undefined behavior in renderdoc crate" on Sep 2, 2019
@ebkalderon
Contributor Author

@Shnatsel I am also working on publishing a security advisory on GitHub as well. If you would like to join as a collaborator to review the advisory text, I would be happy to add you.

@tarcieri tarcieri merged commit bbb7ff5 into rustsec:master Sep 3, 2019
@ebkalderon
Contributor Author

Thanks for the review, @tarcieri!

@ebkalderon ebkalderon deleted the add-renderdoc-ub-vuln branch September 3, 2019 02:39
tarcieri added a commit that referenced this pull request Sep 3, 2019
@tarcieri
Member

tarcieri commented Sep 3, 2019

Assigned RUSTSEC-2019-0018 in #148

@ebkalderon
Contributor Author

The corresponding GitHub security advisory has been published here: GHSA-4mmc-49vf-jmcp
