GHSA-cq8v-f236-94qc: Rand is unsound with a custom logger using rand::rng()
It has been reported (by @lopopolo) that the rand library is unsound (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
- The
logandthread_rngfeatures are enabled - A custom logger is defined
- The custom logger accesses
rand::rng()(previouslyrand::thread_rng()) and calls anyTryRng(previouslyRngCore) methods onThreadRng - The
ThreadRng(attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data) - Trace-level logging is enabled or warn-level logging is enabled and the random source (the
getrandomcrate) is unable to provide a new seed
TryRng (previously RngCore) methods for ThreadRng use unsafe code to cast *mut BlockRng<ReseedingCore> to &mut BlockRng<ReseedingCore>. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of aliased mutable references is Undefined Behaviour, the behaviour of optimized builds is hard to predict.
Affected versions of rand are >= 0.7, < 0.9.3 and 0.10.0.
References
Code Behaviors & Features
Detect and mitigate GHSA-cq8v-f236-94qc with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →