Address CVE-2021-42574.

(rust-highfive has picked a reviewer for you, use r? to override)

The fix was developed by @estebank and reviewed by @nikomatsakis out of band. @bors r=nikomatsakis p=250 rollup=never

📌 Commit a567c8a has been approved by

⌛ Testing commit a567c8a with merge 64361dd1e4c809de1e72b198d08ba9fa549244d8...

💔 Test failed - checks-actions

Fixed formatting. @bors r=nikomatsakis,pietroalbini p=250 rollup=never

📌 Commit cdd3b86 has been approved by

☀️ Test successful - checks-actions
Tested on commit rust-lang/rust@db14a17. Direct link to PR: <rust-lang/rust#90462> 🎉 rls on linux: test-fail → test-pass (cc @Xanewok).
Finished benchmarking commit (db14a17): comparison url. Summary: This change led to very large relevant mixed results 🤷 in compiler performance.
If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf. Next Steps: If you can justify the regressions found in this perf run, please indicate this with @rustbot label: +perf-regression
| /// ```rust,compile_fail | ||
| /// #![deny(text_direction_codepoint_in_literal)] | ||
| /// fn main() { | ||
| /// println!("{:?}", ''); |
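Review bot: On the `println!("{:?}", '');` line the char literal shows as empty quotes, so a reader of this doc example cannot tell which codepoint `#![deny(text_direction_codepoint_in_literal)]` is being exercised against. Consider adding a `///` sentence above the fence that names the codepoint in its `\u{...}` escaped form, so the example stays legible in diffs and rendered docs.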
How is this able to compile without an #[allow]? I thought the lint also forbids usage in doc comments? Or are examples exempt?
Interesting... The test itself is a compile_fail, but you're saying it should fail at the library level?
@est31 is saying that the lint should trigger when compiling hidden_unicode_codepoints.rs because it appears in a doc-comment. Now that it is pointed out, clearly there's something amiss as well here.
It's been pointed out on the main PR as well (should have checked that PR before making the comment): #90460 (review)
This PR implements new lints to mitigate the impact of CVE-2021-42574, caused by the presence of bidirectional-override Unicode codepoints in the compiled source code. See the advisory for more information about the vulnerability.
The changes in this PR will be released in tomorrow's nightly release.
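
A stand-alone scanner for the kind of codepoint the PR description refers to, as an added example that is not part of this PR or of rustc's lint implementation. It assumes the set to flag is the Unicode explicit directional formatting characters (U+202A..U+202E and U+2066..U+2069); the names `Finding`, `scan` and `reveal` are hypothetical, and the sample input is constructed.

```rust
// Added example: not rustc's lint code. Assumption: the codepoints flagged are
// the Unicode explicit directional formatting characters.

/// One finding: 1-based line and column (counted in chars) plus the codepoint.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,
    pub col: usize,
    pub ch: char,
}

/// True for U+202A..=U+202E (LRE, RLE, PDF, LRO, RLO) and
/// U+2066..=U+2069 (LRI, RLI, FSI, PDI).
pub fn is_bidi_control(c: char) -> bool {
    matches!(c, '\u{202A}'..='\u{202E}' | '\u{2066}'..='\u{2069}')
}

/// Scan source text and report every bidi control character found.
pub fn scan(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, line) in src.lines().enumerate() {
        for (j, ch) in line.chars().enumerate() {
            if is_bidi_control(ch) {
                out.push(Finding { line: i + 1, col: j + 1, ch });
            }
        }
    }
    out
}

/// Rewrite the text with each bidi control shown as a visible `\u{..}` escape,
/// so a reviewer reads the same character order the compiler does.
pub fn reveal(src: &str) -> String {
    let esc = |c: char| format!("\\u{{{:04X}}}", c as u32);
    src.chars()
        .map(|c| if is_bidi_control(c) { esc(c) } else { c.to_string() })
        .collect()
}

fn main() {
    // Constructed sample. The controls are written as escapes, so this file
    // itself contains no raw bidi codepoints.
    let sample = "let a = 1;\nlet s = \"x\u{202E}y\u{2066}z\u{2069}\";\n";
    for f in scan(sample) {
        println!("line {} col {}: U+{:04X}", f.line, f.col, f.ch as u32);
    }
    print!("{}", reveal(sample));
}
```

Unlike a literal-only check, `scan` covers the whole text, so it also reports codepoints in comments and doc comments.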