prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior · GHSA-gfgm-chr3-x6px · GitHub Advisory Database · GitHub

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

Moderate severity GitHub Reviewed Published Dec 30, 2022 to the GitHub Advisory Database • Updated Jan 7, 2023

Package

prettytable-rs (Rust)

Affected versions

< 0.10.0

Patched versions

0.10.0

Description

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB).
Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to undefinted behavior (UB).

References

Published to the GitHub Advisory Database Dec 30, 2022

Reviewed Dec 30, 2022

Last updated Jan 7, 2023