atty 0.2 has a potential unaligned read

Question

atty 0.2 has a potential unaligned read

djc opened this issue a year ago · comments

From cargo deny:

error[unsound]: Potential unaligned read
  ┌─ /Users/djc/src/flamegraph/Cargo.lock:4:1
  │
4 │ atty 0.2.14 registry+https://github.com/rust-lang/crates.io-index
  │ ----------------------------------------------------------------- unsound advisory detected
  │
  = ID: RUSTSEC-2021-0145
  = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0145
  = On windows, `atty` dereferences a potentially unaligned pointer.
    
    In practice however, the pointer won't be unaligned unless a custom global allocator is used.
    
    In particular, the `System` allocator on windows uses `HeapAlloc`, which guarantees a large enough alignment.
    
    # atty is Unmaintained
    
    A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.
    
    Last release of `atty` was almost 3 years ago.
    
    ## Possible Alternative(s)
    
    The below list has not been vetted in any way and may or may not contain alternatives;
    
     - [is-terminal](https://crates.io/crates/is-terminal)
     - std::io::IsTerminal *nightly-only experimental*
  = Announcement: https://github.com/softprops/atty/issues/50
  = Solution: No safe upgrade is available!
  = atty v0.2.14
    └── inferno v0.11.14
        └── flamegraph v0.6.2

Dirkjan Ochtman · Answer 1 · Fri Feb 10 2023 22:11:54 GMT+0800 (China Standard Time)

I think tracing-subscriber switched to nu-ansi-term. There is also an is_terminal crate, which I guess does everything you need here.

Jon Gjengset · Answer 2 · Sun Feb 12 2023 05:20:20 GMT+0800 (China Standard Time)

Moved to is-terminal in #280

Dirkjan Ochtman · Answer 3 · Sun Feb 12 2023 05:33:49 GMT+0800 (China Standard Time)

Cool, thanks!