Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR #3676

purplesyringa · 2024-05-01T15:38:38Z

This fixes a bug Miri found in a program that uses UNIX-domain sockets via nix:

error: Undefined Behavior: out-of-bounds pointer arithmetic: 0x3cf148[noalloc] is a dangling pointer (it has no provenance)
    --> /home/purplesyringa/.cargo/git/checkouts/libc-d1297d136f47e864/3939453/src/unix/linux_like/linux/mod.rs:4653:12
     |
4653 |         if (next.offset(1)) as usize > max ||
     |            ^^^^^^^^^^^^^^^^ out-of-bounds pointer arithmetic: 0x3cf148[noalloc] is a dangling pointer (it has no provenance)
     |
     = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
     = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
     = note: BACKTRACE on thread `test_rx`:
     = note: inside `libc::unix::linux_like::linux::CMSG_NXTHDR` at /home/purplesyringa/.cargo/git/checkouts/libc-d1297d136f47e864/3939453/src/unix/linux_like/linux/mod.rs:4653:12: 4653:28
     = note: inside `nix::sys::socket::pack_mhdr_to_send::<'_, &[std::io::IoSlice<'_>], &[nix::sys::socket::ControlMessage<'_>], ()>` at /home/purplesyringa/.cargo/git/checkouts/nix-b3212349c9ce0b13/c6ff94a/src/sys/socket/mod.rs:1899:26: 1899:68
...

wrapping_offset seems to be what was actually intended here.

rustbot · 2024-05-01T15:38:42Z

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @JohnTitor (or someone else) some time within the next two weeks.

Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (S-waiting-on-review and S-waiting-on-author) stays updated, invoking these commands when appropriate:

@rustbot author: the review is finished, PR author should check the comments and take action accordingly
@rustbot review: the author is ready for a review, this PR will be queued again in the reviewer's queue

chore(deps): update compatible [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [anstream](https://togithub.com/rust-cli/anstyle) | workspace.dependencies | patch | `0.6.13` -> `0.6.14` | | [anstyle](https://togithub.com/rust-cli/anstyle) | workspace.dependencies | patch | `1.0.6` -> `1.0.7` | | [anyhow](https://togithub.com/dtolnay/anyhow) | workspace.dependencies | patch | `1.0.82` -> `1.0.86` | | [libc](https://togithub.com/rust-lang/libc) | workspace.dependencies | patch | `0.2.154` -> `0.2.155` | | [opener](https://togithub.com/Seeker14491/opener) | workspace.dependencies | patch | `0.7.0` -> `0.7.1` | | [security-framework](https://lib.rs/crates/security_framework) ([source](https://togithub.com/kornelski/rust-security-framework)) | workspace.dependencies | minor | `2.10.0` -> `2.11.0` | | [semver](https://togithub.com/dtolnay/semver) | workspace.dependencies | patch | `1.0.22` -> `1.0.23` | | [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | workspace.dependencies | patch | `1.0.199` -> `1.0.203` | | [serde-untagged](https://togithub.com/dtolnay/serde-untagged) | workspace.dependencies | patch | `0.1.5` -> `0.1.6` | | [serde_json](https://togithub.com/serde-rs/json) | workspace.dependencies | patch | `1.0.116` -> `1.0.117` | | [thiserror](https://togithub.com/dtolnay/thiserror) | workspace.dependencies | patch | `1.0.59` -> `1.0.61` | --- ### Release Notes <details> <summary>rust-cli/anstyle (anstream)</summary> ### [`v0.6.14`](https://togithub.com/rust-cli/anstyle/compare/anstream-v0.6.13...anstream-v0.6.14) [Compare Source](https://togithub.com/rust-cli/anstyle/compare/anstream-v0.6.13...anstream-v0.6.14) </details> <details> <summary>dtolnay/anyhow (anyhow)</summary> ### [`v1.0.86`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.86) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.85...1.0.86) - Fix parse error in `ensure!` with non-literal after minus sign ([#373](https://togithub.com/dtolnay/anyhow/issues/373)) ### [`v1.0.85`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.85) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.84...1.0.85) - Improve `ensure!` macro's rules to unblock some rustc pretty-printer improvements ([#368](https://togithub.com/dtolnay/anyhow/issues/368), [#371](https://togithub.com/dtolnay/anyhow/issues/371)) ### [`v1.0.84`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.84) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.83...1.0.84) - Disallow calling `ensure!` through a `Not` impl for a type that is not `bool` ([#367](https://togithub.com/dtolnay/anyhow/issues/367)) ### [`v1.0.83`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.83) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.82...1.0.83) - Integrate compile-time checking of cfgs ([#363](https://togithub.com/dtolnay/anyhow/issues/363)) </details> <details> <summary>rust-lang/libc (libc)</summary> ### [`v0.2.155`](https://togithub.com/rust-lang/libc/releases/tag/0.2.155) [Compare Source](https://togithub.com/rust-lang/libc/compare/0.2.154...0.2.155) #### What's Changed - Add `SYS_lseek` and `SYS_mmap` for aarch64 Android by [`@lberrymage](https://togithub.com/lberrymage)` in [/~https://github.com/rust-lang/libc/pull/3632](https://togithub.com/rust-lang/libc/pull/3632) - Correct the value of FAN_MARK_IGNORE by [`@severen](https://togithub.com/severen)` in [/~https://github.com/rust-lang/libc/pull/3622](https://togithub.com/rust-lang/libc/pull/3622) - Update FreeBSD 13 CI image by [`@JohnTitor](https://togithub.com/JohnTitor)` in [/~https://github.com/rust-lang/libc/pull/3671](https://togithub.com/rust-lang/libc/pull/3671) - android: add FUTEX_LOCK_PI2 by [`@rtzoeller](https://togithub.com/rtzoeller)` in [/~https://github.com/rust-lang/libc/pull/3635](https://togithub.com/rust-lang/libc/pull/3635) - Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR by [`@purplesyringa](https://togithub.com/purplesyringa)` in [/~https://github.com/rust-lang/libc/pull/3676](https://togithub.com/rust-lang/libc/pull/3676) - Revert "Support posix_spawn on Android" by [`@JohnTitor](https://togithub.com/JohnTitor)` in [/~https://github.com/rust-lang/libc/pull/3678](https://togithub.com/rust-lang/libc/pull/3678) - Unlock ci: fix wrong cfg emscripten by [`@tesuji](https://togithub.com/tesuji)` in [/~https://github.com/rust-lang/libc/pull/3684](https://togithub.com/rust-lang/libc/pull/3684) - redox: correct EPOLL constants by [`@jackpot51](https://togithub.com/jackpot51)` in [/~https://github.com/rust-lang/libc/pull/3686](https://togithub.com/rust-lang/libc/pull/3686) - \[0.2] Revert "Upgrade Docker images to Ubuntu 23.10" on sparc64 by [`@cuviper](https://togithub.com/cuviper)` in [/~https://github.com/rust-lang/libc/pull/3708](https://togithub.com/rust-lang/libc/pull/3708) - Re-add `posix_spawn{_file_actions_t,attr_t}` on Android by [`@tesuji](https://togithub.com/tesuji)` in [/~https://github.com/rust-lang/libc/pull/3690](https://togithub.com/rust-lang/libc/pull/3690) - Update version to `0.2.155` by [`@madsmtm](https://togithub.com/madsmtm)` in [/~https://github.com/rust-lang/libc/pull/3682](https://togithub.com/rust-lang/libc/pull/3682) #### New Contributors - [`@lberrymage](https://togithub.com/lberrymage)` made their first contribution in [/~https://github.com/rust-lang/libc/pull/3632](https://togithub.com/rust-lang/libc/pull/3632) - [`@purplesyringa](https://togithub.com/purplesyringa)` made their first contribution in [/~https://github.com/rust-lang/libc/pull/3676](https://togithub.com/rust-lang/libc/pull/3676) **Full Changelog**: rust-lang/libc@0.2.154...0.2.155 </details> <details> <summary>Seeker14491/opener (opener)</summary> ### [`v0.7.1`](https://togithub.com/Seeker14491/opener/blob/HEAD/CHANGELOG.md#071---2024-05-17) [Compare Source](https://togithub.com/Seeker14491/opener/compare/v0.7.0...v0.7.1) ##### Fixed - On Linux, the `dbus` crate is now only pulled in when enabling the `reveal` feature (as was the case prior to `opener` v0.7.0). - Fixed a Cargo error when compiling `opener` using versions of Rust prior to 1.71. </details> <details> <summary>kornelski/rust-security-framework (security-framework)</summary> ### [`v2.11.0`](https://togithub.com/kornelski/rust-security-framework/compare/v2.10.0...v2.11.0) [Compare Source](https://togithub.com/kornelski/rust-security-framework/compare/v2.10.0...v2.11.0) </details> <details> <summary>dtolnay/semver (semver)</summary> ### [`v1.0.23`](https://togithub.com/dtolnay/semver/releases/tag/1.0.23) [Compare Source](https://togithub.com/dtolnay/semver/compare/1.0.22...1.0.23) - Resolve unexpected_cfgs warning ([#318](https://togithub.com/dtolnay/semver/issues/318)) </details> <details> <summary>serde-rs/serde (serde)</summary> ### [`v1.0.203`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.203) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203) - Documentation improvements ([#2747](https://togithub.com/serde-rs/serde/issues/2747)) ### [`v1.0.202`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.202) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.201...v1.0.202) - Provide public access to RenameAllRules in serde_derive_internals ([#2743](https://togithub.com/serde-rs/serde/issues/2743)) ### [`v1.0.201`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.201) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.200...v1.0.201) - Resolve unexpected_cfgs warning ([#2737](https://togithub.com/serde-rs/serde/issues/2737)) ### [`v1.0.200`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.200) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.199...v1.0.200) - Fix formatting of "invalid type" and "invalid value" deserialization error messages containing NaN or infinite floats ([#2733](https://togithub.com/serde-rs/serde/issues/2733), thanks [`@jamessan](https://togithub.com/jamessan))` </details> <details> <summary>dtolnay/serde-untagged (serde-untagged)</summary> ### [`v0.1.6`](https://togithub.com/dtolnay/serde-untagged/releases/tag/0.1.6) [Compare Source](https://togithub.com/dtolnay/serde-untagged/compare/0.1.5...0.1.6) - Relocate some unsafe code over to `typeid` crate </details> <details> <summary>serde-rs/json (serde_json)</summary> ### [`v1.0.117`](https://togithub.com/serde-rs/json/releases/tag/v1.0.117) [Compare Source](https://togithub.com/serde-rs/json/compare/v1.0.116...v1.0.117) - Resolve unexpected_cfgs warning ([#1130](https://togithub.com/serde-rs/json/issues/1130)) </details> <details> <summary>dtolnay/thiserror (thiserror)</summary> ### [`v1.0.61`](https://togithub.com/dtolnay/thiserror/releases/tag/1.0.61) [Compare Source](https://togithub.com/dtolnay/thiserror/compare/1.0.60...1.0.61) - Use `core::fmt` and `core::panic` to facilitate `error_in_core` support ([#299](https://togithub.com/dtolnay/thiserror/issues/299), thanks [`@jordens](https://togithub.com/jordens))` ### [`v1.0.60`](https://togithub.com/dtolnay/thiserror/releases/tag/1.0.60) [Compare Source](https://togithub.com/dtolnay/thiserror/compare/1.0.59...1.0.60) - Resolve unexpected_cfgs warning ([#298](https://togithub.com/dtolnay/thiserror/issues/298)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 5am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rust-lang/cargo).

chore(deps): update compatible [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [annotate-snippets](https://togithub.com/rust-lang/annotate-snippets-rs) | workspace.dependencies | patch | `0.11.2` -> `0.11.3` | | [anstream](https://togithub.com/rust-cli/anstyle) | workspace.dependencies | patch | `0.6.13` -> `0.6.14` | | [anstyle](https://togithub.com/rust-cli/anstyle) | workspace.dependencies | patch | `1.0.6` -> `1.0.7` | | [anyhow](https://togithub.com/dtolnay/anyhow) | workspace.dependencies | patch | `1.0.82` -> `1.0.86` | | [clap](https://togithub.com/clap-rs/clap) | workspace.dependencies | patch | `4.5.4` -> `4.5.6` | | [libc](https://togithub.com/rust-lang/libc) | workspace.dependencies | patch | `0.2.154` -> `0.2.155` | | [opener](https://togithub.com/Seeker14491/opener) | workspace.dependencies | patch | `0.7.0` -> `0.7.1` | | [regex](https://togithub.com/rust-lang/regex) | workspace.dependencies | patch | `1.10.4` -> `1.10.5` | | [security-framework](https://lib.rs/crates/security_framework) ([source](https://togithub.com/kornelski/rust-security-framework)) | workspace.dependencies | minor | `2.10.0` -> `2.11.0` | | [semver](https://togithub.com/dtolnay/semver) | workspace.dependencies | patch | `1.0.22` -> `1.0.23` | | [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | workspace.dependencies | patch | `1.0.199` -> `1.0.203` | | [serde-untagged](https://togithub.com/dtolnay/serde-untagged) | workspace.dependencies | patch | `0.1.5` -> `0.1.6` | | [serde_json](https://togithub.com/serde-rs/json) | workspace.dependencies | patch | `1.0.116` -> `1.0.117` | | [snapbox](https://togithub.com/assert-rs/trycmd/tree/main/crates/snapbox) ([source](https://togithub.com/assert-rs/trycmd)) | workspace.dependencies | patch | `0.6.7` -> `0.6.9` | | [tar](https://togithub.com/alexcrichton/tar-rs) | workspace.dependencies | patch | `0.4.40` -> `0.4.41` | | [thiserror](https://togithub.com/dtolnay/thiserror) | workspace.dependencies | patch | `1.0.59` -> `1.0.61` | | [unicode-width](https://togithub.com/unicode-rs/unicode-width) | workspace.dependencies | patch | `0.1.12` -> `0.1.13` | --- ### Release Notes <details> <summary>rust-lang/annotate-snippets-rs (annotate-snippets)</summary> ### [`v0.11.3`](https://togithub.com/rust-lang/annotate-snippets-rs/blob/HEAD/CHANGELOG.md#0113---2024-06-06) [Compare Source](https://togithub.com/rust-lang/annotate-snippets-rs/compare/0.11.2...0.11.3) ##### Fixes - Dropped MSRV to 1.65 </details> <details> <summary>rust-cli/anstyle (anstream)</summary> ### [`v0.6.14`](https://togithub.com/rust-cli/anstyle/compare/anstream-v0.6.13...anstream-v0.6.14) [Compare Source](https://togithub.com/rust-cli/anstyle/compare/anstream-v0.6.13...anstream-v0.6.14) </details> <details> <summary>dtolnay/anyhow (anyhow)</summary> ### [`v1.0.86`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.86) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.85...1.0.86) - Fix parse error in `ensure!` with non-literal after minus sign ([#373](https://togithub.com/dtolnay/anyhow/issues/373)) ### [`v1.0.85`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.85) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.84...1.0.85) - Improve `ensure!` macro's rules to unblock some rustc pretty-printer improvements ([#368](https://togithub.com/dtolnay/anyhow/issues/368), [#371](https://togithub.com/dtolnay/anyhow/issues/371)) ### [`v1.0.84`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.84) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.83...1.0.84) - Disallow calling `ensure!` through a `Not` impl for a type that is not `bool` ([#367](https://togithub.com/dtolnay/anyhow/issues/367)) ### [`v1.0.83`](https://togithub.com/dtolnay/anyhow/releases/tag/1.0.83) [Compare Source](https://togithub.com/dtolnay/anyhow/compare/1.0.82...1.0.83) - Integrate compile-time checking of cfgs ([#363](https://togithub.com/dtolnay/anyhow/issues/363)) </details> <details> <summary>clap-rs/clap (clap)</summary> ### [`v4.5.6`](https://togithub.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#456---2024-06-06) [Compare Source](https://togithub.com/clap-rs/clap/compare/v4.5.5...v4.5.6) ### [`v4.5.5`](https://togithub.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#455---2024-06-06) [Compare Source](https://togithub.com/clap-rs/clap/compare/v4.5.4...v4.5.5) ##### Fixes - Allow `exclusive` to override `required_unless_present`, `required_unless_present_any`, `required_unless_present_all` </details> <details> <summary>rust-lang/libc (libc)</summary> ### [`v0.2.155`](https://togithub.com/rust-lang/libc/releases/tag/0.2.155) [Compare Source](https://togithub.com/rust-lang/libc/compare/0.2.154...0.2.155) #### What's Changed - Add `SYS_lseek` and `SYS_mmap` for aarch64 Android by [`@lberrymage](https://togithub.com/lberrymage)` in [/~https://github.com/rust-lang/libc/pull/3632](https://togithub.com/rust-lang/libc/pull/3632) - Correct the value of FAN_MARK_IGNORE by [`@severen](https://togithub.com/severen)` in [/~https://github.com/rust-lang/libc/pull/3622](https://togithub.com/rust-lang/libc/pull/3622) - Update FreeBSD 13 CI image by [`@JohnTitor](https://togithub.com/JohnTitor)` in [/~https://github.com/rust-lang/libc/pull/3671](https://togithub.com/rust-lang/libc/pull/3671) - android: add FUTEX_LOCK_PI2 by [`@rtzoeller](https://togithub.com/rtzoeller)` in [/~https://github.com/rust-lang/libc/pull/3635](https://togithub.com/rust-lang/libc/pull/3635) - Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR by [`@purplesyringa](https://togithub.com/purplesyringa)` in [/~https://github.com/rust-lang/libc/pull/3676](https://togithub.com/rust-lang/libc/pull/3676) - Revert "Support posix_spawn on Android" by [`@JohnTitor](https://togithub.com/JohnTitor)` in [/~https://github.com/rust-lang/libc/pull/3678](https://togithub.com/rust-lang/libc/pull/3678) - Unlock ci: fix wrong cfg emscripten by [`@tesuji](https://togithub.com/tesuji)` in [/~https://github.com/rust-lang/libc/pull/3684](https://togithub.com/rust-lang/libc/pull/3684) - redox: correct EPOLL constants by [`@jackpot51](https://togithub.com/jackpot51)` in [/~https://github.com/rust-lang/libc/pull/3686](https://togithub.com/rust-lang/libc/pull/3686) - \[0.2] Revert "Upgrade Docker images to Ubuntu 23.10" on sparc64 by [`@cuviper](https://togithub.com/cuviper)` in [/~https://github.com/rust-lang/libc/pull/3708](https://togithub.com/rust-lang/libc/pull/3708) - Re-add `posix_spawn{_file_actions_t,attr_t}` on Android by [`@tesuji](https://togithub.com/tesuji)` in [/~https://github.com/rust-lang/libc/pull/3690](https://togithub.com/rust-lang/libc/pull/3690) - Update version to `0.2.155` by [`@madsmtm](https://togithub.com/madsmtm)` in [/~https://github.com/rust-lang/libc/pull/3682](https://togithub.com/rust-lang/libc/pull/3682) #### New Contributors - [`@lberrymage](https://togithub.com/lberrymage)` made their first contribution in [/~https://github.com/rust-lang/libc/pull/3632](https://togithub.com/rust-lang/libc/pull/3632) - [`@purplesyringa](https://togithub.com/purplesyringa)` made their first contribution in [/~https://github.com/rust-lang/libc/pull/3676](https://togithub.com/rust-lang/libc/pull/3676) **Full Changelog**: rust-lang/libc@0.2.154...0.2.155 </details> <details> <summary>Seeker14491/opener (opener)</summary> ### [`v0.7.1`](https://togithub.com/Seeker14491/opener/blob/HEAD/CHANGELOG.md#071---2024-05-17) [Compare Source](https://togithub.com/Seeker14491/opener/compare/v0.7.0...v0.7.1) ##### Fixed - On Linux, the `dbus` crate is now only pulled in when enabling the `reveal` feature (as was the case prior to `opener` v0.7.0). - Fixed a Cargo error when compiling `opener` using versions of Rust prior to 1.71. </details> <details> <summary>rust-lang/regex (regex)</summary> ### [`v1.10.5`](https://togithub.com/rust-lang/regex/blob/HEAD/CHANGELOG.md#1105-2024-06-09) [Compare Source](https://togithub.com/rust-lang/regex/compare/1.10.4...1.10.5) \=================== This is a new patch release with some minor fixes. Bug fixes: - [BUG #1203](https://togithub.com/rust-lang/regex/pull/1203): Escape invalid UTF-8 when in the `Debug` impl of `regex::bytes::Match`. </details> <details> <summary>kornelski/rust-security-framework (security-framework)</summary> ### [`v2.11.0`](https://togithub.com/kornelski/rust-security-framework/compare/v2.10.0...v2.11.0) [Compare Source](https://togithub.com/kornelski/rust-security-framework/compare/v2.10.0...v2.11.0) </details> <details> <summary>dtolnay/semver (semver)</summary> ### [`v1.0.23`](https://togithub.com/dtolnay/semver/releases/tag/1.0.23) [Compare Source](https://togithub.com/dtolnay/semver/compare/1.0.22...1.0.23) - Resolve unexpected_cfgs warning ([#318](https://togithub.com/dtolnay/semver/issues/318)) </details> <details> <summary>serde-rs/serde (serde)</summary> ### [`v1.0.203`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.203) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203) - Documentation improvements ([#2747](https://togithub.com/serde-rs/serde/issues/2747)) ### [`v1.0.202`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.202) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.201...v1.0.202) - Provide public access to RenameAllRules in serde_derive_internals ([#2743](https://togithub.com/serde-rs/serde/issues/2743)) ### [`v1.0.201`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.201) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.200...v1.0.201) - Resolve unexpected_cfgs warning ([#2737](https://togithub.com/serde-rs/serde/issues/2737)) ### [`v1.0.200`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.200) [Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.199...v1.0.200) - Fix formatting of "invalid type" and "invalid value" deserialization error messages containing NaN or infinite floats ([#2733](https://togithub.com/serde-rs/serde/issues/2733), thanks [`@jamessan](https://togithub.com/jamessan))` </details> <details> <summary>dtolnay/serde-untagged (serde-untagged)</summary> ### [`v0.1.6`](https://togithub.com/dtolnay/serde-untagged/releases/tag/0.1.6) [Compare Source](https://togithub.com/dtolnay/serde-untagged/compare/0.1.5...0.1.6) - Relocate some unsafe code over to `typeid` crate </details> <details> <summary>serde-rs/json (serde_json)</summary> ### [`v1.0.117`](https://togithub.com/serde-rs/json/releases/tag/v1.0.117) [Compare Source](https://togithub.com/serde-rs/json/compare/v1.0.116...v1.0.117) - Resolve unexpected_cfgs warning ([#1130](https://togithub.com/serde-rs/json/issues/1130)) </details> <details> <summary>assert-rs/trycmd (snapbox)</summary> ### [`v0.6.9`](https://togithub.com/assert-rs/trycmd/compare/snapbox-v0.6.8...snapbox-v0.6.9) [Compare Source](https://togithub.com/assert-rs/trycmd/compare/snapbox-v0.6.8...snapbox-v0.6.9) ### [`v0.6.8`](https://togithub.com/assert-rs/trycmd/compare/snapbox-v0.6.7...snapbox-v0.6.8) [Compare Source](https://togithub.com/assert-rs/trycmd/compare/snapbox-v0.6.7...snapbox-v0.6.8) </details> <details> <summary>alexcrichton/tar-rs (tar)</summary> ### [`v0.4.41`](https://togithub.com/alexcrichton/tar-rs/compare/0.4.40...0.4.41) [Compare Source](https://togithub.com/alexcrichton/tar-rs/compare/0.4.40...0.4.41) </details> <details> <summary>dtolnay/thiserror (thiserror)</summary> ### [`v1.0.61`](https://togithub.com/dtolnay/thiserror/releases/tag/1.0.61) [Compare Source](https://togithub.com/dtolnay/thiserror/compare/1.0.60...1.0.61) - Use `core::fmt` and `core::panic` to facilitate `error_in_core` support ([#299](https://togithub.com/dtolnay/thiserror/issues/299), thanks [`@jordens](https://togithub.com/jordens))` ### [`v1.0.60`](https://togithub.com/dtolnay/thiserror/releases/tag/1.0.60) [Compare Source](https://togithub.com/dtolnay/thiserror/compare/1.0.59...1.0.60) - Resolve unexpected_cfgs warning ([#298](https://togithub.com/dtolnay/thiserror/issues/298)) </details> <details> <summary>unicode-rs/unicode-width (unicode-width)</summary> ### [`v0.1.13`](https://togithub.com/unicode-rs/unicode-width/compare/v0.1.12...v0.1.13) [Compare Source](https://togithub.com/unicode-rs/unicode-width/compare/v0.1.12...v0.1.13) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 5am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rust-lang/cargo).

(apply <rust-lang#3676> to `main`) (cherry picked from commit dc88f4c)

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR

dc88f4c

rustbot assigned JohnTitor May 1, 2024

rustbot added the S-waiting-on-review label May 1, 2024

JohnTitor approved these changes May 1, 2024

View reviewed changes

JohnTitor enabled auto-merge May 1, 2024 15:51

JohnTitor added this pull request to the merge queue May 1, 2024

Merged via the queue into rust-lang:libc-0.2 with commit 73efe14 May 1, 2024
57 checks passed

tgross35 added the main-needs-cherry-pick This PR was merged against libc-0.2 but does not yet exist in main. label Aug 13, 2024

tgross35 pushed a commit to tgross35/rust-libc that referenced this pull request Aug 28, 2024

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR

a6caa32

(apply <rust-lang#3676> to `main`) (cherry picked from commit dc88f4c)

tgross35 mentioned this pull request Aug 29, 2024

[main] Apply three pull requests to main #3874

Merged

tgross35 added main-applied This PR was merged against libc-0.2 and main has since been updated to include it and removed main-needs-cherry-pick This PR was merged against libc-0.2 but does not yet exist in main. labels Aug 29, 2024

renovate-bot mentioned this pull request Oct 22, 2024

chore(deps): update compatible X-oss-byte/Cargo.io#3

Open

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR #3676

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR #3676

purplesyringa commented May 1, 2024

rustbot commented May 1, 2024

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR #3676

Fix out-of-bounds pointer arithmetic in CMSG_NXTHDR #3676

Conversation

purplesyringa commented May 1, 2024

rustbot commented May 1, 2024