The read_bytes_default_le
function for [T; n]
arrays, used to deserialize
arrays of T
from bytes created a [T; n]
array with std::mem::uninitialized
and then called T
's deserialization method.
If T
's deserialization method panicked, the uninitialized memory could drop
invalid objects.
This flaw was corrected in a535678
by removing the unsafe block and using
a .map
function to deserialize each element of the array instead.
{ "license": "CC0-1.0" }