Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate arguments to ArrayData::try_new() #817

Closed
3 tasks done
alamb opened this issue Oct 6, 2021 · 0 comments · Fixed by #921
Closed
3 tasks done

Validate arguments to ArrayData::try_new() #817

alamb opened this issue Oct 6, 2021 · 0 comments · Fixed by #921
Assignees
@alamb
Labels
arrow Changes to the arrow crate enhancement Any new improvement worthy of a entry in the changelog security

Comments

@alamb
Copy link
Contributor

alamb commented Oct 6, 2021
edited
Loading

Is your feature request related to a problem or challenge? Please describe what you are trying to do.
This ticket lists a high level plan to address one of the main sources of security issues in arrow-rs
such as #772 and likely several others on https://github.com/apache/arrow-rs/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity

As demonstrated in https://github.com/jorgecarleitao/arrow2#why, and almost all of the examples in https://github.com/apache/arrow-rs/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity, creating ArrayData::new with invalid arguments can lead to undefined behavior.

See also the discussion with @jhorstmann and others on https://lists.apache.org/thread.html/r3f12f3352ca36264622d4103fcb6c7c71544dcaf0f0a7e842f00c3a0%40%3Cdev.arrow.apache.org%3E

Describe the solution you'd like
I propose to follow the C++ implementation (kudos to @pitrou) in https://github.com/apache/arrow/blob/b73af9a1607caa4a04e1a11896aed6669847a4d4/cpp/src/arrow/array/validate.cc#L388-L392

Add two new functions:

  1. ArrayData::validate() -- checks offsets / buffer sizes, relatively inexpensive
  2. ArrayData::validate_full -- which callsvalidate() AND checks all variable length data structures for consistency (e.g. ensures the offsets of a StringArray are within the size of the base array

Then, change ArrayData to have two constructors:

  1. unsafe ArrayData::new_unchecked() - Behaves like ArrayData::new() does today -- namely has no validation
  2. ArrayData::try_new() will be safe in the Rust sense -- can not cause undefined behavior and thus will call ArrayData::validate_full

This design will follow the Rust philosophy of "safe by default" but offer an alternative (unsafe) mechanism to bypass checking for known good inputs. This unsafe mechanism has been prototyped by @jhorstmann in #813

Describe alternatives you've considered
Could wait for arrow2 convergence, if that happens, but since the timeline on that ETA is still unknown, safety for the arrow-rs implementation seems to justify spending time here

** Progress **
@alamb alamb added enhancement Any new improvement worthy of a entry in the changelog security arrow Changes to the arrow crate labels Oct 6, 2021
@alamb alamb changed the title Validate arguments to ArrayData::new() Validate arguments to ArrayData::new() by default Oct 6, 2021
@alamb alamb self-assigned this Oct 6, 2021
This was referenced Oct 6, 2021
Merged
Merged
@alamb alamb changed the title Validate arguments to ArrayData::new() by default Validate arguments to ArrayData::try_new() Oct 29, 2021
This was referenced Oct 29, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Merged
@alamb alamb closed this as completed in #921 Dec 4, 2021
saethlin added a commit to saethlin/advisory-db that referenced this issue Dec 22, 2021
@saethlin
Mark arrow advisories as fixed in apache/arrow-rs#817
83db7e3
@saethlin saethlin mentioned this issue Dec 22, 2021
Merged
alex pushed a commit to rustsec/advisory-db that referenced this issue Dec 22, 2021
@saethlin
Mark arrow advisories as fixed in apache/arrow-rs#817 (#1131)
3952f34
dfinity-bot added a commit to dfinity/sdk that referenced this issue Feb 15, 2022
@dfinity-bot
build: niv advisory-db: update dd7d3d72 -> 97388358
03f3d70 
## Changelog for advisory-db:
Branch: main
Commits: [rustsec/advisory-db@dd7d3d72...97388358](rustsec/advisory-db@dd7d3d7...9738835)

* [`3952f343`](rustsec/advisory-db@3952f34) Mark arrow advisories as fixed in apache/arrow-rs#817 ([RustSec/advisory-db⁠#1131](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1131))
* [`7f0874b5`](rustsec/advisory-db@7f0874b) Mark cargo-download unmaintained ([RustSec/advisory-db⁠#1132](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1132))
* [`1ea676a6`](rustsec/advisory-db@1ea676a) Assigned RUSTSEC-2021-0133 to cargo-download ([RustSec/advisory-db⁠#1133](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1133))
* [`a20a779b`](rustsec/advisory-db@a20a779) Turn the issue about shamir into an advisory ([RustSec/advisory-db⁠#1134](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1134))
* [`de2da259`](rustsec/advisory-db@de2da25) Assigned RUSTSEC-2020-0160 to shamir ([RustSec/advisory-db⁠#1135](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1135))
* [`2b51ce82`](rustsec/advisory-db@2b51ce8) Report that rental is no longer maintained ([RustSec/advisory-db⁠#1136](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1136))
* [`dcf8fb2a`](rustsec/advisory-db@dcf8fb2) Assigned RUSTSEC-2021-0134 to rental ([RustSec/advisory-db⁠#1137](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1137))
* [`0bc31953`](rustsec/advisory-db@0bc3195) Add unmaintained advisory for lmdb ([RustSec/advisory-db⁠#1142](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1142))
* [`9997408c`](rustsec/advisory-db@9997408) Assigned RUSTSEC-2022-0001 to lmdb ([RustSec/advisory-db⁠#1143](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1143))
* [`97798466`](rustsec/advisory-db@9779846) README.md: bump maintained date
* [`14b4f228`](rustsec/advisory-db@14b4f22) RUSTSEC-2016-0015: remove `sodiumoxide` recommendation ([RustSec/advisory-db⁠#1145](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1145))
* [`61d8acaf`](rustsec/advisory-db@61d8aca) Undefined behavior in `dashmap` ([RustSec/advisory-db⁠#1146](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1146))
* [`36e44b1f`](rustsec/advisory-db@36e44b1) Assigned RUSTSEC-2022-0002 to dashmap ([RustSec/advisory-db⁠#1148](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1148))
* [`2e646db5`](rustsec/advisory-db@2e646db) Add CVE to RUSTSEC-2021-0124 ([RustSec/advisory-db⁠#1149](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1149))
* [`770c8cad`](rustsec/advisory-db@770c8ca) Add rust-ammonia/ammonia[RustSec/advisory-db⁠#147](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/147) ([RustSec/advisory-db⁠#1152](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1152))
* [`bf972ed7`](rustsec/advisory-db@bf972ed) Assigned RUSTSEC-2022-0003 to ammonia ([RustSec/advisory-db⁠#1153](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1153))
* [`aad861dd`](rustsec/advisory-db@aad861d) Add advisory for CVE-2022-21658 ([RustSec/advisory-db⁠#1155](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1155))
* [`d4c65da0`](rustsec/advisory-db@d4c65da) Correct year for CVE-2022-21658 ([RustSec/advisory-db⁠#1157](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1157))
* [`ff5b4456`](rustsec/advisory-db@ff5b445) Add advisory for tower-http[RustSec/advisory-db⁠#204](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/204) ([RustSec/advisory-db⁠#1159](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1159))
* [`3e8ee098`](rustsec/advisory-db@3e8ee09) Assigned RUSTSEC-2021-0135 to tower-http ([RustSec/advisory-db⁠#1160](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1160))
* [`b0dce59b`](rustsec/advisory-db@b0dce59) Fix version specification in CVE-2022-21658 ([RustSec/advisory-db⁠#1161](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1161))
* [`d1235dbb`](rustsec/advisory-db@d1235db) Add advisory for array-macro ([RustSec/advisory-db⁠#1162](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1162))
* [`258329ba`](rustsec/advisory-db@258329b) Assigned RUSTSEC-2020-0161 to array-macro ([RustSec/advisory-db⁠#1163](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1163))
* [`3e6d7719`](rustsec/advisory-db@3e6d771) Add advisory for rustc_serialize ([RustSec/advisory-db⁠#1140](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1140))
* [`5a24458f`](rustsec/advisory-db@5a24458) Assigned RUSTSEC-2022-0004 to rustc-serialize ([RustSec/advisory-db⁠#1164](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1164))
* [`190dfb9d`](rustsec/advisory-db@190dfb9) Update which tower-http versions are affected by RUSTSEC-2021-0135 ([RustSec/advisory-db⁠#1166](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1166))
* [`e8f33f7e`](rustsec/advisory-db@e8f33f7) Add unmaintained crate advisory for `ftd2xx-embedded-hal` ([RustSec/advisory-db⁠#1167](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1167))
* [`0ca65bbd`](rustsec/advisory-db@0ca65bb) Assigned RUSTSEC-2022-0005 to ftd2xx-embedded-hal ([RustSec/advisory-db⁠#1168](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1168))
* [`1ecfb4a3`](rustsec/advisory-db@1ecfb4a) Add advisory for Amanieu/thread_local-rs[RustSec/advisory-db⁠#33](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/33) ([RustSec/advisory-db⁠#1169](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1169))
* [`9839c6ee`](rustsec/advisory-db@9839c6e) Assigned RUSTSEC-2022-0006 to thread_local ([RustSec/advisory-db⁠#1170](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1170))
* [`3c8a9dc3`](rustsec/advisory-db@3c8a9dc) Add qcell crate advisory ([RustSec/advisory-db⁠#1171](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1171))
* [`9da1eb7e`](rustsec/advisory-db@9da1eb7) Assigned RUSTSEC-2022-0007 to qcell ([RustSec/advisory-db⁠#1172](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1172))
* [`989da550`](rustsec/advisory-db@989da55) Add advisory for windows ([RustSec/advisory-db⁠#1177](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1177))
* [`c9a98f3b`](rustsec/advisory-db@c9a98f3) Assigned RUSTSEC-2022-0008 to windows ([RustSec/advisory-db⁠#1178](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1178))
* [`b2a864d3`](rustsec/advisory-db@b2a864d) Add patched version to DashMap advisory ([RustSec/advisory-db⁠#1181](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1181))
* [`ec4cc26a`](rustsec/advisory-db@ec4cc26) Add entry for libp2p-core vulnerability ([RustSec/advisory-db⁠#1182](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1182))
* [`8f550f12`](rustsec/advisory-db@8f550f1) Assigned RUSTSEC-2022-0009 to libp2p-core ([RustSec/advisory-db⁠#1183](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1183))
* [`ff3a5264`](rustsec/advisory-db@ff3a526) Mark tokio-proto as deprecated ([RustSec/advisory-db⁠#1184](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1184))
* [`17946d71`](rustsec/advisory-db@17946d7) Assigned RUSTSEC-2020-0162 to tokio-proto ([RustSec/advisory-db⁠#1185](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1185))
* [`90790107`](rustsec/advisory-db@9079010) Update RUSTSEC-2022-0009.md ([RustSec/advisory-db⁠#1186](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1186))
* [`97388358`](rustsec/advisory-db@9738835) Suggest maintained alternatives for Rental advisory ([RustSec/advisory-db⁠#1187](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1187))
@dfinity-bot dfinity-bot mentioned this issue Feb 15, 2022
Merged
mergify bot pushed a commit to dfinity/sdk that referenced this issue Feb 15, 2022
@dfinity-bot
build: niv advisory-db: update dd7d3d72 -> 97388358 (#2030)
cf6795e 
## Changelog for advisory-db:
Branch: main
Commits: [rustsec/advisory-db@dd7d3d72...97388358](rustsec/advisory-db@dd7d3d7...9738835)

* [`3952f343`](rustsec/advisory-db@3952f34) Mark arrow advisories as fixed in apache/arrow-rs#817 ([RustSec/advisory-db⁠#1131](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1131))
* [`7f0874b5`](rustsec/advisory-db@7f0874b) Mark cargo-download unmaintained ([RustSec/advisory-db⁠#1132](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1132))
* [`1ea676a6`](rustsec/advisory-db@1ea676a) Assigned RUSTSEC-2021-0133 to cargo-download ([RustSec/advisory-db⁠#1133](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1133))
* [`a20a779b`](rustsec/advisory-db@a20a779) Turn the issue about shamir into an advisory ([RustSec/advisory-db⁠#1134](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1134))
* [`de2da259`](rustsec/advisory-db@de2da25) Assigned RUSTSEC-2020-0160 to shamir ([RustSec/advisory-db⁠#1135](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1135))
* [`2b51ce82`](rustsec/advisory-db@2b51ce8) Report that rental is no longer maintained ([RustSec/advisory-db⁠#1136](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1136))
* [`dcf8fb2a`](rustsec/advisory-db@dcf8fb2) Assigned RUSTSEC-2021-0134 to rental ([RustSec/advisory-db⁠#1137](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1137))
* [`0bc31953`](rustsec/advisory-db@0bc3195) Add unmaintained advisory for lmdb ([RustSec/advisory-db⁠#1142](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1142))
* [`9997408c`](rustsec/advisory-db@9997408) Assigned RUSTSEC-2022-0001 to lmdb ([RustSec/advisory-db⁠#1143](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1143))
* [`97798466`](rustsec/advisory-db@9779846) README.md: bump maintained date
* [`14b4f228`](rustsec/advisory-db@14b4f22) RUSTSEC-2016-0015: remove `sodiumoxide` recommendation ([RustSec/advisory-db⁠#1145](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1145))
* [`61d8acaf`](rustsec/advisory-db@61d8aca) Undefined behavior in `dashmap` ([RustSec/advisory-db⁠#1146](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1146))
* [`36e44b1f`](rustsec/advisory-db@36e44b1) Assigned RUSTSEC-2022-0002 to dashmap ([RustSec/advisory-db⁠#1148](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1148))
* [`2e646db5`](rustsec/advisory-db@2e646db) Add CVE to RUSTSEC-2021-0124 ([RustSec/advisory-db⁠#1149](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1149))
* [`770c8cad`](rustsec/advisory-db@770c8ca) Add rust-ammonia/ammonia[RustSec/advisory-db⁠#147](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/147) ([RustSec/advisory-db⁠#1152](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1152))
* [`bf972ed7`](rustsec/advisory-db@bf972ed) Assigned RUSTSEC-2022-0003 to ammonia ([RustSec/advisory-db⁠#1153](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1153))
* [`aad861dd`](rustsec/advisory-db@aad861d) Add advisory for CVE-2022-21658 ([RustSec/advisory-db⁠#1155](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1155))
* [`d4c65da0`](rustsec/advisory-db@d4c65da) Correct year for CVE-2022-21658 ([RustSec/advisory-db⁠#1157](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1157))
* [`ff5b4456`](rustsec/advisory-db@ff5b445) Add advisory for tower-http[RustSec/advisory-db⁠#204](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/204) ([RustSec/advisory-db⁠#1159](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1159))
* [`3e8ee098`](rustsec/advisory-db@3e8ee09) Assigned RUSTSEC-2021-0135 to tower-http ([RustSec/advisory-db⁠#1160](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1160))
* [`b0dce59b`](rustsec/advisory-db@b0dce59) Fix version specification in CVE-2022-21658 ([RustSec/advisory-db⁠#1161](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1161))
* [`d1235dbb`](rustsec/advisory-db@d1235db) Add advisory for array-macro ([RustSec/advisory-db⁠#1162](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1162))
* [`258329ba`](rustsec/advisory-db@258329b) Assigned RUSTSEC-2020-0161 to array-macro ([RustSec/advisory-db⁠#1163](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1163))
* [`3e6d7719`](rustsec/advisory-db@3e6d771) Add advisory for rustc_serialize ([RustSec/advisory-db⁠#1140](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1140))
* [`5a24458f`](rustsec/advisory-db@5a24458) Assigned RUSTSEC-2022-0004 to rustc-serialize ([RustSec/advisory-db⁠#1164](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1164))
* [`190dfb9d`](rustsec/advisory-db@190dfb9) Update which tower-http versions are affected by RUSTSEC-2021-0135 ([RustSec/advisory-db⁠#1166](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1166))
* [`e8f33f7e`](rustsec/advisory-db@e8f33f7) Add unmaintained crate advisory for `ftd2xx-embedded-hal` ([RustSec/advisory-db⁠#1167](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1167))
* [`0ca65bbd`](rustsec/advisory-db@0ca65bb) Assigned RUSTSEC-2022-0005 to ftd2xx-embedded-hal ([RustSec/advisory-db⁠#1168](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1168))
* [`1ecfb4a3`](rustsec/advisory-db@1ecfb4a) Add advisory for Amanieu/thread_local-rs[RustSec/advisory-db⁠#33](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/33) ([RustSec/advisory-db⁠#1169](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1169))
* [`9839c6ee`](rustsec/advisory-db@9839c6e) Assigned RUSTSEC-2022-0006 to thread_local ([RustSec/advisory-db⁠#1170](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1170))
* [`3c8a9dc3`](rustsec/advisory-db@3c8a9dc) Add qcell crate advisory ([RustSec/advisory-db⁠#1171](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1171))
* [`9da1eb7e`](rustsec/advisory-db@9da1eb7) Assigned RUSTSEC-2022-0007 to qcell ([RustSec/advisory-db⁠#1172](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1172))
* [`989da550`](rustsec/advisory-db@989da55) Add advisory for windows ([RustSec/advisory-db⁠#1177](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1177))
* [`c9a98f3b`](rustsec/advisory-db@c9a98f3) Assigned RUSTSEC-2022-0008 to windows ([RustSec/advisory-db⁠#1178](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1178))
* [`b2a864d3`](rustsec/advisory-db@b2a864d) Add patched version to DashMap advisory ([RustSec/advisory-db⁠#1181](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1181))
* [`ec4cc26a`](rustsec/advisory-db@ec4cc26) Add entry for libp2p-core vulnerability ([RustSec/advisory-db⁠#1182](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1182))
* [`8f550f12`](rustsec/advisory-db@8f550f1) Assigned RUSTSEC-2022-0009 to libp2p-core ([RustSec/advisory-db⁠#1183](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1183))
* [`ff3a5264`](rustsec/advisory-db@ff3a526) Mark tokio-proto as deprecated ([RustSec/advisory-db⁠#1184](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1184))
* [`17946d71`](rustsec/advisory-db@17946d7) Assigned RUSTSEC-2020-0162 to tokio-proto ([RustSec/advisory-db⁠#1185](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1185))
* [`90790107`](rustsec/advisory-db@9079010) Update RUSTSEC-2022-0009.md ([RustSec/advisory-db⁠#1186](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1186))
* [`97388358`](rustsec/advisory-db@9738835) Suggest maintained alternatives for Rental advisory ([RustSec/advisory-db⁠#1187](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1187))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alamb alamb

Labels
arrow Changes to the arrow crate enhancement Any new improvement worthy of a entry in the changelog security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add full data validation for ArrayData::try_new() alamb/arrow-rs
1 participant
@alamb