oss-sec mailing list archives
Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code
From: Dave Horsfall <dave () horsfall org>
Date: Tue, 2 Nov 2021 03:53:12 +1100 (EST)
On Mon, 1 Nov 2021, Pietro Albini wrote:
The Rust Security Response WG was notified of a security concern affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the compiled code.
[...]Am I the only one here who remembers the original ALGOL specification that what is printed on the paper is the language?
We've seen the same in the DNS, so I guess that it was only a matter of time.
-- Dave
Current thread:
- CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Pietro Albini (Oct 31)
- Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Jakub Wilk (Nov 01)
- Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Dave Horsfall (Nov 01)