This repository contains the list of memory safety and soundness bugs found in Rust by Rudra project.
You can find all new bugs found during the research under poc/ directory.
All unreported but valid bugs are listed in unreported/ directory (independently fixed, maintainers are already aware of the issue, etc.).
Note that this list includes manually found bugs and the bugs from earlier experimental pattern (UnsafeDestructor) that wasn't included in the Rudra paper.
These are not included in the number of bugs found by Rudra in the paper but left here for the completeness.
Analyzer
- M: Manual
- D: UnsafeDestructor
- SV: SendSyncVariance
- UD: UnsafeDataflow
Bug Class
- SV: SendSyncVariance
- UE: UninitExposure
- HO: HigherOrderInvariant
- PS: PanicSafety
- O: Other
| ID | Crate | Bugs | Issue Report | RustSec ID |
|---|---|---|---|---|
| 0000 | rulinalg | M-O 1 |  |
 |
| 0001 | http | M-O 2 | hyperium/http#353 and hyperium/http#354 |  |
| 0002 | http | M-O 1 |  |
 |
| 0003 | ozone | M-O 1 | N/A |  |
| 0004 | rocket | M-O 1 |  |
 |
| 0005 | failure | M-O 1 |  |
 |
| 0006 | alpm-rs | M*-O 1 |  |
 |
| 0007 | alg_ds | M*-O 1 / UD*-O 1 |  |
 |
| 0008 | arr | M*-O 3 / SV-SV 2 |  |
 |
| 0009 | chunky | M*-O 1 |  |
 |
| 0010 | crayon | M*-HO 1 |  |
 |
| 0011 | obstack | M*-O 2 |  |
 |
| 0012 | ordnung | M*-O 2 / UD-PS 1 |  |
 |
| 0013 | simple-slab | M*-O 2 |  |
 |
| 0014 | sized-chunks | M*-O 4 / M*-PS 2 |  |
 |
| 0015 | atom | SV-SV 2 |  |
 |
| 0016 | stack | M*-O 2 |  |
 |
| 0017 | array-queue | M*-O 2 |  |
 |
| 0018 | dync | M*-O 1 |  |
 |
| 0019 | futures | SV-SV 2 |  |
 |
| 0020 | beef | SV*-SV 1 |  |
 |
| 0021 | futures-intrusive | SV*-SV 1 |  |
 |
| 0022 | atomic-option | SV-SV 1 |  |
 |
| 0023 | convec | SV-SV 2 |  |
 |
| 0024 | lock_api | SV-SV 5 |  |
 |
| 0025 | im | SV-SV 2 |  |
 |
| 0026 | may_queue | SV-SV 4 |  |
 |
| 0027 | libsbc | SV-SV 1 |  |
 |
| 0028 | lever | SV-SV 2 |  |
 |
| 0029 | lexer | SV-SV 1 |  |
 |
| 0030 | cache | SV-SV 2 |  |
 |
| 0031 | abox | SV-SV 2 |  |
 |
| 0032 | conqueue | SV-SV 3 |  |
 |
| 0033 | hashconsing | SV-SV 2 |  |
 |
| 0034 | model | SV-SV 2 |  |
 |
| 0035 | late-static | SV-SV 1 |  |
 |
| 0036 | bunch | SV-SV 2 |  |
 |
| 0037 | concread | SV-SV 2 |  |
 |
| 0038 | parc | SV-SV 1 |  |
 |
| 0039 | rcu_cell | SV-SV 2 |  |
 |
| 0040 | appendix | SV-SV 2 |  |
 |
| 0041 | unicycle | SV-SV 4 |  |
 |
| 0042 | toolshed | SV-SV 1 |  |
 |
| 0043 | scottqueue | SV-SV 2 |  |
 |
| 0044 | signal-simple | SV-SV 2 |  |
 |
| 0045 | ruspiro-singleton | SV-SV 2 |  |
 |
| 0046 | generator | SV-SV 1 |  |
 |
| 0047 | try-mutex | SV-SV 2 |  |
 |
| 0048 | ticketed_lock | SV-SV 2 |  |
 |
| 0049 | slock | SV-SV 2 |  |
 |
| 0050 | magnetic | SV-SV 13 |  |
 |
| 0051 | syncpool | SV-SV 1 |  |
 |
| 0052 | reffers | SV-SV 2 |  |
 |
| 0053 | bottle | M*-O 2 |  |
Not Reported Yet |
| 0054 | tiny_future | SV-SV 2 |  |
 |
| 0055 | thex | SV-SV 2 | N/A |  |
| 0056 | gfwx | SV-SV 2 |  |
 |
| 0057 | async-coap | SV-SV 2 |  |
 |
| 0058 | dces | SV-SV 1 |  |
 |
| 0059 | arc-swap | M*-O 1 |  |
 |
| 0060 | noise_search | SV-SV 2 |  |
 |
| 0061 | aovec | SV-SV 2 | N/A |  |
| 0062 | cgc | SV-SV 2 / M*-O 2 |  |
 |
| 0063 | xcb | M*-O 1 |  |
 |
| 0064 | disrustor | SV-SV 2 / M*-O 1 |  |
 |
| 0065 | v9 | SV-SV 1 |  |
 |
| 0066 | kekbit | SV-SV 1 |  |
 |
| 0067 | max7301 | SV-SV 2 |  |
 |
| 0068 | buttplug | SV-SV 2 |  |
 |
| 0069 | rusb | SV-SV 4 |  |
 |
| 0070 | multiqueue2 | SV-SV 4 |  |
 |
| 0071 | eventio | SV-SV 1 |  |
 |
| 0072 | tensorflow | SV-SV 2 |  |
Not Reported Yet |
| 0073 | stderr | SV-SV 1 / M*-O 1 |  |
 |
| 0074 | conquer-once | SV-SV 1 |  |
 |
| 0075 | shine-stdext | SV-SV 5 / M*-O 1 |  |
Not Reported Yet |
| 0076 | shine-store | SV-SV 9 |  |
Not Reported Yet |
| 0077 | va-ts | SV-SV 1 |  |
 |
| 0078 | abi_stable | UD-PS 2 |  |
 |
| 0079 | acc_reader | UD-UE 2 |  |
 |
| 0080 | bite | UD-UE 1 |  |
 |
| 0081 | buffoon | UD-UE 1 |  |
 |
| 0082 | array_iterator | M*-O 1 |  |
Not Reported Yet |
| 0083 | array-tools | UD-PS 1 |  |
 |
| 0084 | autorand | UD-PS 1 |  |
 |
| 0085 | cdr | UD-UE 1 |  |
 |
| 0086 | bra | UD-UE 1 |  |
 |
| 0087 | bronzedb-protocol | UD-UE 2 |  |
 |
| 0088 | binjs_io | UD-UE 4 |  |
 |
| 0089 | fil-ocl | UD-PS 1 / M*-PS 1 |  |
 |
| 0090 | endian_trait | UD-PS 4 |  |
 |
| 0091 | cassandra-proto | UD-UE 1 |  |
Not Reported Yet |
| 0092 | csv-sniffer | UD-UE 1 |  |
 |
| 0093 | glium | UD-UE 1 |  |
Not Reported Yet |
| 0094 | foreignc | UD*-O 1 / M*-O 1 |  |
Not Reported Yet |
| 0095 | calamine | UD-UE 1 / M*-O 1 |  |
 |
| 0096 | av-data | UD*-O 1 |  |
 |
| 0097 | bam | UD-UE 1 / M*-O 1 |  |
 |
| 0098 | ash | UD-UE 1 |  |
 |
| 0099 | claxon | UD-UE 2 |  |
Not Reported Yet |
| 0100 | flumedb | UD-UE 2 |  |
 |
| 0101 | gfx-auxil | UD-UE 1 |  |
 |
| 0102 | columnar | UD-UE 1 |  |
 |
| 0103 | smallvec | UD*-O 1 |  |
 |
| 0104 | dnssector | UD*-HO 1 |  |
Not Reported Yet |
| 0105 | basic_dsp_matrix | UD-PS 6 |  |
 |
| 0106 | glsl-layout | UD-PS 1 |  |
 |
| 0107 | adtensor | UD-PS 2 |  |
 |
| 0108 | containers | UD-PS 2 |  |
 |
| 0109 | arenavec | UD-PS 3 |  |
 |
| 0110 | libp2p-deflate | UD-UE 1 |  |
 |
| 0111 | insert_many | UD-PS 2 |  |
 |
| 0112 | ms3d | UD-UE 1 |  |
 |
| 0113 | marc | UD-UE 1 |  |
 |
| 0114 | livesplit-core | UD-UE 2 |  |
Not Reported Yet |
| 0115 | messagepack-rs | UD-UE 4 |  |
 |
| 0116 | blockbuffers | UD-PS 1 | N/A | Not Reported Yet |
| 0117 | ot | UD-UE 1 |  |
Not Reported Yet |
| 0118 | postscript | UD-UE 1 |  |
 |
| 0119 | quick-protobuf | UD-UE 1 |  |
Not Reported Yet |
| 0120 | osm_pbf_iter | UD-UE 1 |  |
Not Reported Yet |
| 0121 | pumpkindb_client | UD-UE 1 |  |
Not Reported Yet |
| 0122 | outer_cgi | UD-UE 1 |  |
 |
| 0123 | qwutils | UD-PS 1 |  |
 |
| 0124 | rdiff | UD-HO 1 |  |
 |
| 0125 | multiqueue | SV-SV 4 |  |
 |
| 0126 | office | UD-UE 1 |  |
 |
| 0127 | balloons | UD-UE 1 |  |
Not Reported Yet |
| 0128 | rblas | UD-UE 3 |  |
Not Reported Yet |
| 0129 | pulse-simple | UD-HO 2 |  |
Not Reported Yet |
| 0130 | libretro-backend | UD-PS 1 |  |
Not Reported Yet |
| 0131 | rocket_http | UD-PS 1 |  |
 |
| 0132 | truetype | UD-UE 1 |  |
 |
| 0133 | zero-formatter | UD-UE 1 |  |
Not Reported Yet |
| 0134 | telemetry | UD-PS 1 |  |
 |
| 0135 | rucene | UD-UE 1 |  |
Not Reported Yet |
| 0136 | skulpin-renderer | UD-UE 1 |  |
Not Reported Yet |
| 0137 | tectonic_xdv | UD-UE 1 |  |
 |
| 0138 | uu_od | UD-UE 1 |  |
 |
| 0139 | slice | UD-UE 1 |  |
Not Reported Yet |
| 0140 | through | UD-PS 2 |  |
 |
| 0141 | scratchpad | UD-PS 2 |  |
 |
| 0142 | toodee | UD-PS 1 / UD-HO 1 |  |
 |
| 0143 | smallvec-stableunion | UD*-O 1 |  |
Not Reported Yet |
| 0144 | smallstr | UD-PS 1 |  |
Not Reported Yet |
| 0145 | slice-deque | UD-PS 1 |  |
 |
| 0146 | stackvector | UD-HO 1 |  |
 |
| 0147 | speedy | UD-UE 1 |  |
Not Reported Yet |
| 0148 | sha | UD-UE 2 |  |
Not Reported Yet |
| 0149 | ruyi | UD-UE 1 |  |
Not Reported Yet |
| 0150 | stack_dst | UD-PS 1 |  |
 |
| 0151 | topq | UD-PS 2 |  |
Not Reported Yet |
| 0152 | shared-mutex | M*-SV 1 |  |
Not Reported Yet |
| 0153 | reorder | UD-HO 1 |  |
 |
| 0154 | serde-fressian | UD-O 1 |  |
Not Reported Yet |
| 0155 | bayer | UD-O 1 |  |
Not Reported Yet |
| 0156 | concread | UD-PS 1 |  |
Not Reported Yet |
| 0157 | id-map | UD-PS 3 |  |
 |
| 0158 | nano_arena | UD-HO 2 |  |
 |
| 0159 | byte_struct | UD-PS 1 |  |
 |
| 0160 | serde-gff | UD-UE 3 |  |
Not Reported Yet |
| 0161 | parallel-event-emitter | SV-SV 1 |  |
Not Reported Yet |
| 0162 | internment | SV-SV 1 |  |
 |
| 0163 | algorithmica | UD-PS 1 |  |
 |
| 0164 | metrics-util | SV-SV 2 |  |
 |