Skip to content

Add advisory for zipora undefined behavior #2429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add advisory for zipora undefined behavior #2429

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions crates/zipora/RUSTSEC-0000-0000.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "zipora"
date = "2025-10-21"
url = "https://github.com/infinilabs/zipora/issues/10"
informational = "unsound"
categories = ["memory-corruption"]
keywords = ["undefined-behavior", "soundness"]

[affected.functions]
"zipora::memory::simd_ops::fast_prefetch_range" = ["< 2.0.1"]

[versions]
patched = [">= 2.0.1"]
```

# Undefined behavior in fast_prefetch_range

The safe function `fast_prefetch_range` accepts a raw pointer and size without validation, allowing safe code to trigger undefined behavior.

The function passes these inputs directly to internal pointer arithmetic (`start.add(size)`) without checking whether the resulting pointer would wrap around the address space or point outside the original allocation. Computing such invalid pointers violates Rust's safety guarantees and causes immediate undefined behavior.

Fixed in v2.0.1 by changing the API to accept a safe slice reference (`&[u8]`) instead of raw pointer and size.