impl Random on arrays can lead to dropping uninitialized memory #5

@JOE1994

Hello 🦀 ,
we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.

Issue Description

autorand-rs/src/lib.rs

Lines 160 to 170 in c838309

    impl<T: Random> Random for [T; $s] {
        fn random() -> Self {
            unsafe {
                let mut array: [T; $s] = std::mem::uninitialized();
                for i in 0..$s {
                    std::ptr::write(&mut array[i], T::random());
                }
                array
            }
        }
    }

T::random() can potentially panic (since Random is a public trait and users can implement it on custom types) and if it does,
the partially initialized array is dropped. Thus T::drop() can be invoked on uninitialized memory, leading to undefined behavior.

Thank you for reviewing this issue 👍
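
Added example, not part of the original issue or the crate's own code: one way to make the array constructor panic-safe, using `MaybeUninit` slots and a drop guard so that an unwinding `T::random()` drops only the elements already written. The `Random` trait shape, `Guard`, `random_array`, `Flaky` and `demo` are assumptions made for the illustration, and a const generic `N` stands in for the macro parameter `$s`.

```rust
use std::mem::{self, MaybeUninit};
use std::panic::catch_unwind;
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

// Assumed shape of the crate's public trait (one associated constructor).
pub trait Random { fn random() -> Self; }

// Drop guard: if T::random() unwinds, drop only the `len` slots already written.
struct Guard<'a, T, const N: usize> { slots: &'a mut [MaybeUninit<T>; N], len: usize }
impl<T, const N: usize> Drop for Guard<'_, T, N> {
    fn drop(&mut self) {
        for slot in &mut self.slots[..self.len] {
            unsafe { slot.assume_init_drop() } // sound: slots[..len] were written
        }
    }
}

pub fn random_array<T: Random, const N: usize>() -> [T; N] {
    let mut slots: [MaybeUninit<T>; N] = std::array::from_fn(|_| MaybeUninit::uninit());
    let mut guard = Guard { slots: &mut slots, len: 0 };
    for i in 0..N {
        let value = T::random(); // may panic; the guard then cleans up slots[..len]
        guard.slots[i].write(value);
        guard.len += 1;
    }
    mem::forget(guard); // every slot is initialized; ownership moves to the result
    unsafe { mem::transmute_copy::<[MaybeUninit<T>; N], [T; N]>(&slots) }
}

// Constructed test type: owns heap memory and panics on its third construction.
static MADE: AtomicUsize = AtomicUsize::new(0);
static DROPPED: AtomicUsize = AtomicUsize::new(0);
struct Flaky(Box<u32>);
impl Random for Flaky {
    fn random() -> Self {
        if MADE.fetch_add(1, SeqCst) == 2 { panic!("constructed failure in random()"); }
        Flaky(Box::new(7))
    }
}
impl Drop for Flaky { fn drop(&mut self) { DROPPED.fetch_add(1, SeqCst); } }

/// Returns (build panicked, number of Flaky values dropped during unwinding).
pub fn demo() -> (bool, usize) {
    MADE.store(0, SeqCst);
    DROPPED.store(0, SeqCst);
    let panicked = catch_unwind(|| random_array::<Flaky, 4>()).is_err();
    (panicked, DROPPED.load(SeqCst))
}

fn main() { println!("{:?}", demo()); }
```

`demo()` returns `(true, 2)`: the build panics on the third element and exactly the two initialized values are dropped. `std::array::from_fn(|_| T::random())` gives the same guarantee without any `unsafe`.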
