Skip to content

Add advisory for bytes-str: BytesString::split_off can break UTF-8 invariant#2919

Open
yilin0518 wants to merge 1 commit into
rustsec:mainfrom
yilin0518:bytes-str
Open

Add advisory for bytes-str: BytesString::split_off can break UTF-8 invariant#2919
yilin0518 wants to merge 1 commit into
rustsec:mainfrom
yilin0518:bytes-str

Conversation

@yilin0518
Copy link
Copy Markdown

@yilin0518 yilin0518 commented May 28, 2026
edited
Loading

Affected crate(s)

  • bytes-str (3,327,893 recent downloads on crates.io)

Links to upstream issue(s) or PR(s)

Severity

Soundness issue in safe code leading to undefined behavior (invalid &str constructed via split_off() + as_str()), with potential for memory corruption.

Checklist

  • Advisory filename(s) starts with RUSTSEC-0000-0000 as the ID
  • date field is set to the public disclosure date
  • Contains a concise and descriptive title after advisory metadata
  • Asked maintainer(s) if publishing an advisory is appropriate

@djc djc mentioned this pull request Jun 1, 2026
Closed
@djc
Copy link
Copy Markdown
Member

djc commented Jun 1, 2026

Pinged the maintainer on the upstream issue, let's see what they see -- feel free to ping me again in 4 weeks if there's been no response.

@djc
Copy link
Copy Markdown
Member

djc commented Jun 1, 2026

@kdy1 so do you think this warrants an advisory being published?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yilin0518 @djc