From 77e7352bbe64e7142a41cff1ca7a8bbff3e215bb Mon Sep 17 00:00:00 2001 From: Niko Matsakis Date: Thu, 21 Jun 2018 14:32:34 -0400 Subject: [PATCH 1/4] rename `pat_ty` to `pat_ty_adjusted` for clarity --- src/librustc/middle/mem_categorization.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/librustc/middle/mem_categorization.rs b/src/librustc/middle/mem_categorization.rs index 4688f6708d34f..b717986dce984 100644 --- a/src/librustc/middle/mem_categorization.rs +++ b/src/librustc/middle/mem_categorization.rs @@ -517,7 +517,7 @@ impl<'a, 'gcx, 'tcx> MemCategorizationContext<'a, 'gcx, 'tcx> { /// implicit deref patterns attached (e.g., it is really /// `&Some(x)`). In that case, we return the "outermost" type /// (e.g., `&Option). - fn pat_ty(&self, pat: &hir::Pat) -> McResult> { + fn pat_ty_adjusted(&self, pat: &hir::Pat) -> McResult> { // Check for implicit `&` types wrapping the pattern; note // that these are never attached to binding patterns, so // actually this is somewhat "disjoint" from the code below @@ -1283,7 +1283,7 @@ impl<'a, 'gcx, 'tcx> MemCategorizationContext<'a, 'gcx, 'tcx> { }; for (i, subpat) in subpats.iter().enumerate_and_adjust(expected_len, ddpos) { - let subpat_ty = self.pat_ty(&subpat)?; // see (*2) + let subpat_ty = self.pat_ty_adjusted(&subpat)?; // see (*2) let interior = InteriorField(FieldIndex(i, Name::intern(&i.to_string()))); let subcmt = Rc::new(self.cat_imm_interior(pat, cmt.clone(), subpat_ty, interior)); self.cat_pattern_(subcmt, &subpat, op)?; @@ -1306,7 +1306,7 @@ impl<'a, 'gcx, 'tcx> MemCategorizationContext<'a, 'gcx, 'tcx> { }; for fp in field_pats { - let field_ty = self.pat_ty(&fp.node.pat)?; // see (*2) + let field_ty = self.pat_ty_adjusted(&fp.node.pat)?; // see (*2) let f_index = self.tcx.field_index(fp.node.id, self.tables); let cmt_field = Rc::new(self.cat_field(pat, cmt.clone(), f_index, fp.node.name, field_ty)); @@ -1325,7 +1325,7 @@ impl<'a, 'gcx, 'tcx> MemCategorizationContext<'a, 'gcx, 'tcx> { ref ty => span_bug!(pat.span, "tuple pattern unexpected type {:?}", ty), }; for (i, subpat) in subpats.iter().enumerate_and_adjust(expected_len, ddpos) { - let subpat_ty = self.pat_ty(&subpat)?; // see (*2) + let subpat_ty = self.pat_ty_unadjusted(&subpat)?; // see (*2) let interior = InteriorField(FieldIndex(i, Name::intern(&i.to_string()))); let subcmt = Rc::new(self.cat_imm_interior(pat, cmt.clone(), subpat_ty, interior)); self.cat_pattern_(subcmt, &subpat, op)?; From e11d9ddb7d53ae13df447ddb1ebfd2fe380fde88 Mon Sep 17 00:00:00 2001 From: Niko Matsakis Date: Thu, 21 Jun 2018 14:32:52 -0400 Subject: [PATCH 2/4] use `pat_ty_adjusted` from `expr_use_visitor` to type of arguments --- src/librustc/middle/expr_use_visitor.rs | 3 ++- src/librustc/middle/mem_categorization.rs | 2 +- src/test/ui/borrowck/issue-51415.nll.stderr | 9 +++++++++ src/test/ui/borrowck/issue-51415.rs | 21 +++++++++++++++++++++ src/test/ui/borrowck/issue-51415.stderr | 12 ++++++++++++ 5 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 src/test/ui/borrowck/issue-51415.nll.stderr create mode 100644 src/test/ui/borrowck/issue-51415.rs create mode 100644 src/test/ui/borrowck/issue-51415.stderr diff --git a/src/librustc/middle/expr_use_visitor.rs b/src/librustc/middle/expr_use_visitor.rs index 49aa0cc4f7b49..bfa08a4dbde2b 100644 --- a/src/librustc/middle/expr_use_visitor.rs +++ b/src/librustc/middle/expr_use_visitor.rs @@ -313,7 +313,8 @@ impl<'a, 'gcx, 'tcx> ExprUseVisitor<'a, 'gcx, 'tcx> { debug!("consume_body(body={:?})", body); for arg in &body.arguments { - let arg_ty = return_if_err!(self.mc.node_ty(arg.pat.hir_id)); + let arg_ty = return_if_err!(self.mc.pat_ty_adjusted(&arg.pat)); + debug!("consume_body: arg_ty = {:?}", arg_ty); let fn_body_scope_r = self.tcx().mk_region(ty::ReScope(region::Scope::Node(body.value.hir_id.local_id))); diff --git a/src/librustc/middle/mem_categorization.rs b/src/librustc/middle/mem_categorization.rs index b717986dce984..fa668678ece12 100644 --- a/src/librustc/middle/mem_categorization.rs +++ b/src/librustc/middle/mem_categorization.rs @@ -517,7 +517,7 @@ impl<'a, 'gcx, 'tcx> MemCategorizationContext<'a, 'gcx, 'tcx> { /// implicit deref patterns attached (e.g., it is really /// `&Some(x)`). In that case, we return the "outermost" type /// (e.g., `&Option). - fn pat_ty_adjusted(&self, pat: &hir::Pat) -> McResult> { + pub fn pat_ty_adjusted(&self, pat: &hir::Pat) -> McResult> { // Check for implicit `&` types wrapping the pattern; note // that these are never attached to binding patterns, so // actually this is somewhat "disjoint" from the code below diff --git a/src/test/ui/borrowck/issue-51415.nll.stderr b/src/test/ui/borrowck/issue-51415.nll.stderr new file mode 100644 index 0000000000000..79454b635263c --- /dev/null +++ b/src/test/ui/borrowck/issue-51415.nll.stderr @@ -0,0 +1,9 @@ +error[E0507]: cannot move out of borrowed content + --> $DIR/issue-51415.rs:16:47 + | +LL | let opt = a.iter().enumerate().find(|(_, &s)| { + | ^ cannot move out of borrowed content + +error: aborting due to previous error + +For more information about this error, try `rustc --explain E0507`. diff --git a/src/test/ui/borrowck/issue-51415.rs b/src/test/ui/borrowck/issue-51415.rs new file mode 100644 index 0000000000000..9067a50a8476d --- /dev/null +++ b/src/test/ui/borrowck/issue-51415.rs @@ -0,0 +1,21 @@ +// Copyright 2014 The Rust Project Developers. See the COPYRIGHT +// file at the top-level directory of this distribution and at +// http://rust-lang.org/COPYRIGHT. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +// Regression test for #51415: match default bindings were failing to +// see the "move out" implied by `&s` below. + +fn main() { + let a = vec![String::from("a")]; + let opt = a.iter().enumerate().find(|(_, &s)| { + //~^ ERROR cannot move out + *s == String::from("d") + }).map(|(i, _)| i); + println!("{:?}", opt); +} diff --git a/src/test/ui/borrowck/issue-51415.stderr b/src/test/ui/borrowck/issue-51415.stderr new file mode 100644 index 0000000000000..b4b0bc7594305 --- /dev/null +++ b/src/test/ui/borrowck/issue-51415.stderr @@ -0,0 +1,12 @@ +error[E0507]: cannot move out of borrowed content + --> $DIR/issue-51415.rs:16:46 + | +LL | let opt = a.iter().enumerate().find(|(_, &s)| { + | ^- + | || + | |hint: to prevent move, use `ref s` or `ref mut s` + | cannot move out of borrowed content + +error: aborting due to previous error + +For more information about this error, try `rustc --explain E0507`. From 0d2d842eec9e35dd25bbdd0304ec9e08d320d29d Mon Sep 17 00:00:00 2001 From: steveklabnik Date: Sat, 7 Jul 2018 10:45:45 -0600 Subject: [PATCH 3/4] Apply security patch for rustdoc CVE number has not yet been assigned, patch made by steveklabnik. --- src/librustdoc/lib.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/librustdoc/lib.rs b/src/librustdoc/lib.rs index 059d41698953d..19bfc74063edc 100644 --- a/src/librustdoc/lib.rs +++ b/src/librustdoc/lib.rs @@ -681,8 +681,14 @@ where R: 'static + Send, } } + if !plugins.is_empty() && plugin_path.is_none() { + eprintln!("ERROR: You must pass --plugin-path to use --plugins"); + std::process::exit(1); + } + + // Load all plugins/passes into a PluginManager - let path = plugin_path.unwrap_or("/tmp/rustdoc/plugins".to_string()); + let path = plugin_path.unwrap_or("/usr/lib64/rustdoc/plugins".to_string()); let mut pm = plugins::PluginManager::new(PathBuf::from(path)); for pass in &passes { let plugin = match passes::PASSES.iter() From fdbe5b4fa1de5036a45de474f60d417d1f5e4a05 Mon Sep 17 00:00:00 2001 From: Mark Rousskov Date: Tue, 3 Jul 2018 15:05:35 -0600 Subject: [PATCH 4/4] Release notes 1.27.1 --- RELEASES.md | 23 +++++++++++++++++++++++ src/bootstrap/channel.rs | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/RELEASES.md b/RELEASES.md index 64b7cd3e2c4bf..c2e93a72df02e 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,3 +1,26 @@ +Version 1.27.1 (2018-07-10) +=========================== + +Security Notes +-------------- + +- rustdoc would execute plugins in the /tmp/rustdoc/plugins directory + when running, which enabled executing code as some other user on a + given machine. This release fixes that vulnerability; you can read + more about this on the [blog][rustdoc-sec]. + + Thank you to Red Hat for responsibily disclosing this vulnerability to us. + +Compatibility Notes +------------------- + +- The borrow checker was fixed to avoid an additional potential unsoundness when using + match ergonomics: [#51415][51415], [#49534][49534]. + +[51415]: https://github.com/rust-lang/rust/issues/51415 +[49534]: https://github.com/rust-lang/rust/issues/49534 +[rustdoc-sec]: https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html + Version 1.27.0 (2018-06-21) ========================== diff --git a/src/bootstrap/channel.rs b/src/bootstrap/channel.rs index 3453933a9652c..25a709ccbb091 100644 --- a/src/bootstrap/channel.rs +++ b/src/bootstrap/channel.rs @@ -24,7 +24,7 @@ use Build; use config::Config; // The version number -pub const CFG_RELEASE_NUM: &str = "1.27.0"; +pub const CFG_RELEASE_NUM: &str = "1.27.1"; pub struct GitInfo { inner: Option,