Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions crates/hugepage-rs/RUSTSEC-0000-0000.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "hugepage-rs"
date = "2025-04-24"
url = "https://github.com/cppcoffee/hugepage-rs/issues/5"
references = [
"https://github.com/cppcoffee/hugepage-rs/pull/6",
"https://github.com/cppcoffee/hugepage-rs/commit/2b30bdf227f39b1c9ed7af16ea0cc3957f88da18"
]
informational = "unsound"
categories = ["memory-corruption"]

[affected.functions]
"hugepage_rs::dealloc" = ["<= 0.1.0"]

[versions]
patched = [">= 0.1.1"]
```

# `hugepage_rs::dealloc` may allow invalid memory deallocation from safe code

`hugepage_rs::dealloc` was a publicly accessible safe function. It accepted an arbitrary raw pointer and `Layout`, then forwarded them to the hugepage allocator's `GlobalAlloc::dealloc` implementation.

`GlobalAlloc::dealloc` requires callers to ensure that the pointer denotes a block of memory currently allocated by the allocator and that the layout is the same layout used for the allocation. The safe wrapper neither verified these requirements nor marked them as
unsafe preconditions for callers.

Affected versions therefore allowed safe Rust code to call `dealloc` with an invalid pointer, a pointer not allocated by the hugepage allocator, or an incorrect layout, which could cause undefined behavior.

The upstream repository fixed this in version `0.1.1` by marking `dealloc` as unsafe and documenting the caller's safety requirements.