
Check UniformChar validity on deser#1790

Merged
dhardy merged 5 commits into master from push-knozkvkrvwvk
Jun 28, 2026
dhardy (Member) commented Jun 18, 2026
  • Added a CHANGELOG.md entry

Summary

Prevent memory safety violation in UniformChar via deserialization.

dhardy requested a review from tarcieri June 18, 2026 08:08
dhardy force-pushed the push-knozkvkrvwvk branch from f8a79db to 1916448 June 18, 2026 12:31
dhardy requested a review from newpavlov June 18, 2026 18:34
Comment thread src/distr/uniform_int.rs Outdated
dhardy merged commit db14664 into master Jun 28, 2026
18 checks passed
dhardy deleted the push-knozkvkrvwvk branch June 28, 2026 09:15
dhardy added a commit that referenced this pull request Jul 3, 2026
Prevent memory safety violation in `UniformChar` via deserialization.
kodiakhq Bot pushed a commit to pdylanross/fatigue that referenced this pull request Jul 3, 2026
Bumps rand from 0.10.1 to 0.10.2.

Changelog
Sourced from rand's changelog.

[0.10.2] — 2026-07-02
Fixes

Fix possible memory safety violation due to deserialization of UniformChar from bad source (#1790)

Changes

Document required output order of fn partial_shuffle and apply #[must_use] (#1769)
Avoid usage of unsafe in contexts where non-local memory corruption could invalidate contract (#1791)

#1769: rust-random/rand#1769
#1790: rust-random/rand#1790
#1791: rust-random/rand#1791



Commits

1540ea3 Prepare rand 0.10.2 (#1800)
a29964a Bump chacha20 from 0.10.0 to 0.10.1 in the all-deps group (#1801)
ced9491 Tweak docs for RngExt::random_range and SampleRange (#1798)
db14664 Check UniformChar validity on deser (#1790)
bea8620 Bump the all-deps group with 2 updates (#1796)
4f44932 Bump actions/cache from 5 to 6 (#1795)
b999a13 Bump actions/checkout from 6 to 7 (#1794)
aeab810 Avoid unsafe where safety depends on non-local values (#1791)
1896d7c Add typos CI job (#1789)
43eddee Bump the all-deps group with 2 updates (#1788)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)