advisory-db icon indicating copy to clipboard operation
advisory-db copied to clipboard
verified publisher icon rustsec

smallstr crate undefined behavior

Open carols10cents opened this issue 5 months ago • 2 comments

The crates.io support email got a report about smallstr that referenced this issue: https://github.com/murarth/smallstr/issues/27

so I'm handing this over to you. Please let us know if there's any action you think crates.io should take!

carols10cents avatar Jul 21 '25 14:07 carols10cents

I've emailed the maintainer, let's see if they respond.

djc avatar Aug 13 '25 10:08 djc

https://github.com/murarth/smallstr/pull/28 was released as v0.3.1 months ago.

Given https://github.com/A4-Tacks/smallstr/commit/9bfe163a106d5d6e55c27570f29c6f2a29782cd6 , and the rest of the fixed code was from the initial commit, I suggest that the RUSTSEC should list all prior versions as unsound.

cc @murarth

jayvdb avatar Nov 16 '25 21:11 jayvdb