File tree 1 file changed +24
-0
lines changed 1 file changed +24
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " std"
5+ date = " 2020-10-28"
6+ url = " https://github.com/rust-lang/rust/issues/78498"
7+
8+ [affected .functions ]
9+ "alloc::string::String::retain" = [" < 1.49.0, >= 1.26.0"
10+
11+ [versions ]
12+ patched = [" >= 1.49.0"
13+ unaffected = [" < 1.26.0"
14+ ```
15+
16+ # ` String::retain() ` may return non-UTF-8 string when the predicate closure panics
17+
18+ The affected version of the Rust standard library shipped ` String::retain() ` that is not panic safe.
19+ The affected version of this API
20+ may leave the string in non-UTF-8 status if the provided predicate closure panics in the middle of the iteration.
21+ The standard library has an invariant that assumes all strings are UTF-8 encoded,
22+ so it could lead to a safety violation if that invalid string is used again in the unwinding path.
23+ The bug was fixed by truncating the string before the iteration.
24+ It now returns an empty string when the predicate panics.
You can’t perform that action at this time.
0 commit comments