{"id":"GHSA-83gg-pwxf-jr89","summary":"`array!` macro is unsound in presence of traits that implement methods it calls internally","details":"Affected versions of this crate called some methods using auto-ref. The affected code looked like this.\n\n```rust\nlet mut arr = $crate::__core::mem::MaybeUninit::uninit();\nlet mut vec = $crate::__ArrayVec::\u003cT\u003e::new(arr.as_mut_ptr() as *mut T);\n```\n\nIn this case, the problem is that `as_mut_ptr` is a method of `&mut MaybeUninit`, not `MaybeUninit`. This made it possible for traits to hijack the method calls in order to cause unsoundness.\n\n```rust\ntrait AsMutPtr\u003cT\u003e {\n    fn as_mut_ptr(&self) -\u003e *mut T;\n}\nimpl\u003cT\u003e AsMutPtr\u003cT\u003e for std::mem::MaybeUninit\u003cT\u003e {\n    fn as_mut_ptr(&self) -\u003e *mut T {\n        std::ptr::null_mut()\n    }\n}\narray![0; 1];\n```\n\nThe flaw was corrected by explicitly referencing variables in macro body in order to avoid auto-ref.\n","aliases":["RUSTSEC-2020-0161"],"modified":"2023-11-08T04:17:08.031225Z","published":"2022-06-16T23:40:19Z","database_specific":{"severity":"MODERATE","github_reviewed":true,"nvd_published_at":null,"github_reviewed_at":"2022-06-16T23:40:19Z","cwe_ids":[]},"references":[{"type":"WEB","url":"https://github.com/xfix/array-macro/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d"},{"type":"WEB","url":"https://github.com/rustsec/advisory-db/blob/main/crates/array-macro/RUSTSEC-2020-0161.md"},{"type":"PACKAGE","url":"https://github.com/xfix/array-macro"},{"type":"WEB","url":"https://gitlab.com/KonradBorowski/array-macro/-/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2020-0161.html"}],"affected":[{"package":{"name":"array-macro","ecosystem":"crates.io","purl":"pkg:cargo/array-macro"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.1.2"},{"fixed":"1.0.5"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-83gg-pwxf-jr89/GHSA-83gg-pwxf-jr89.json"}}],"schema_version":"1.7.3"}