The KeyValueReader type in affected versions of this crate set up uninitialized memory buffers and passed them to a user-provided Read instance to be read into.
The Read instance could read the uninitialized memory and cause undefined behavior and miscompilations.
This issue was fixed in commit dd59b30 by zero-initializing the buffers before passing them.
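The pattern behind this advisory and its fix, as an added example that is not the crate's own code: `PeekingReader` and `read_field` are hypothetical names, and the commented-out `set_len` form is an assumed, common way such a buffer gets created.

```rust
use std::io::{self, Read};

/// Hypothetical stand-in for a user-provided reader: it inspects the
/// destination buffer before filling it, which safe code is allowed to do.
struct PeekingReader<'a> {
    data: &'a [u8],
    /// Bytes this reader observed in the caller's buffer before writing.
    observed: Vec<u8>,
}

impl<'a> Read for PeekingReader<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.observed.extend_from_slice(buf); // reads caller-supplied memory
        let n = buf.len().min(self.data.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

// Unsound pattern of the kind the advisory describes (assumed form, kept as
// a comment so it is never compiled or run):
//     let mut buf = Vec::with_capacity(len);
//     unsafe { buf.set_len(len) };      // contents are uninitialized
//     reader.read_exact(&mut buf)?;     // a Read impl may read them: UB

/// Fixed pattern: zero-initialize the buffer before handing it to `Read`.
fn read_field<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; len];
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

fn main() -> io::Result<()> {
    // Constructed sample input.
    let mut reader = PeekingReader { data: b"key=value", observed: Vec::new() };
    let field = read_field(&mut reader, 9)?;
    println!("field = {:?}", String::from_utf8_lossy(&field));
    println!("reader saw only zeros: {}", reader.observed.iter().all(|&b| b == 0));
    Ok(())
}
```

Because `Read::read` receives `&mut [u8]`, any safe implementation may read the slice before writing to it, so the caller has to guarantee the bytes are initialized.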
{ "license": "CC0-1.0" }