You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected versions of borsh cause undefined behavior when zero-sized-types (ZST)
are parsed and the Copy/Clone traits are not implemented/derived.
For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy
(this can be achieved through a singleton), then accessing/writing to deserialized
data will cause a segmentation fault.
There is currently no way for borsh to read data without also providing a Rust type.
Therefore, if not ZST are used for serialization, then you are not affected by this issue.
borsh0.9.3Affected versions of borsh cause undefined behavior when zero-sized-types (ZST)
are parsed and the Copy/Clone traits are not implemented/derived.
For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy
(this can be achieved through a singleton), then accessing/writing to deserialized
data will cause a segmentation fault.
There is currently no way for borsh to read data without also providing a Rust type.
Therefore, if not ZST are used for serialization, then you are not affected by this issue.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: