BohuTANG opened a new issue #476:
URL: https://github.com/apache/arrow-rs/issues/476


   **Describe the bug**
   
   https://deps.rs/repo/github/apache/arrow-rs#vulnerabilities
   
   flatbuffers: `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
   RUSTSEC-2020-0009
   
   The `read_scalar` and `read_scalar_at` functions are unsound because they allow transmuting values without `unsafe` blocks.
   
   The following example shows how to create a dangling reference:
   ```rust
   fn main() {
       // A type that holds a reference: a `&'static str` is a (pointer, length) pair,
       // so arbitrary bytes reinterpreted as `S` become a dangling reference.
       #[derive(Copy, Clone, PartialEq, Debug)]
       struct S(&'static str);
       // `EndianScalar` is a safe trait, so any `Copy` type can opt in...
       impl flatbuffers::EndianScalar for S {
           fn to_little_endian(self) -> Self { self }
           fn from_little_endian(self) -> Self { self }
       }
       // ...and `read_scalar` will then transmute the byte slice into `S` without any `unsafe`.
       println!("{:?}", flatbuffers::read_scalar::<S>(&[1; std::mem::size_of::<S>()]));
   }
   ```
   
   **To Reproduce**
   
   https://deps.rs/repo/github/apache/arrow-rs#vulnerabilities
   
   **Expected behavior**
   A clear and concise description of what you expected to happen.
   
   **Additional context**
   See [advisory page](https://rustsec.org/advisories/RUSTSEC-2020-0009.html) for additional details.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


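For contrast with the advisory's dangling-reference example above, here is an added example (not flatbuffers' or arrow-rs's own code) of how a scalar reader can be written so that the same trick is impossible: the decode trait is implemented only for plain integer types via `from_le_bytes`, so a type carrying a reference such as `S(&'static str)` cannot opt in, no `transmute` is involved, and the offset read is bounds-checked instead of trusting the caller. The trait and function names below are the example's own assumptions, not the crate's API.

```rust
// Added example, not flatbuffers' own code: a sound stand-in for
// `read_scalar` / `read_scalar_at`. The trait below is implemented only for
// plain integer types, so a type holding a reference (like `S(&'static str)`
// in the advisory) cannot implement it and no byte pattern from the buffer
// can ever become a pointer.
use std::convert::TryInto;

/// Fixed-width little-endian scalar decodable from raw bytes. Implementors
/// must be plain-old-data: every `SIZE`-byte pattern is a valid value.
/// That holds for integers; it does not hold for `&str`, `bool` or enums,
/// which is why they are deliberately not implemented here.
pub trait LeScalar: Copy {
    const SIZE: usize;
    /// Decode from exactly `SIZE` bytes. Only called by `read_scalar_at`,
    /// which has already checked the length.
    fn from_le_slice(bytes: &[u8]) -> Self;
}

macro_rules! impl_le_scalar {
    ($($t:ty),*) => {$(
        impl LeScalar for $t {
            const SIZE: usize = std::mem::size_of::<$t>();
            fn from_le_slice(bytes: &[u8]) -> Self {
                let arr: [u8; std::mem::size_of::<$t>()] = bytes
                    .try_into()
                    .expect("read_scalar_at guarantees exact length");
                <$t>::from_le_bytes(arr)
            }
        }
    )*};
}
impl_le_scalar!(u8, i8, u16, i16, u32, i32, u64, i64);

/// Bounds-checked read of a `T` at byte offset `loc`. Returns `None` rather
/// than reading past the end; `checked_add` keeps a huge `loc` from wrapping
/// the end-of-range computation around to a small, in-bounds value.
pub fn read_scalar_at<T: LeScalar>(buf: &[u8], loc: usize) -> Option<T> {
    let end = loc.checked_add(T::SIZE)?;
    let bytes = buf.get(loc..end)?;
    Some(T::from_le_slice(bytes))
}

/// Read a `T` from the start of `buf`.
pub fn read_scalar<T: LeScalar>(buf: &[u8]) -> Option<T> {
    read_scalar_at(buf, 0)
}

fn main() {
    // Constructed sample input (not a real flatbuffer): a u32 followed by an i32.
    let buf: [u8; 8] = [0x78, 0x56, 0x34, 0x12, 0xff, 0xff, 0xff, 0xff];
    println!("{:?}", read_scalar::<u32>(&buf)); // Some(305419896) == 0x12345678
    println!("{:?}", read_scalar_at::<i32>(&buf, 4)); // Some(-1)
    println!("{:?}", read_scalar_at::<u32>(&buf, 5)); // None: would run past the end
    println!("{:?}", read_scalar_at::<u16>(&buf, usize::MAX)); // None: offset arithmetic would overflow
}
```

The advisory's `S(&'static str)` type cannot be handed to this `read_scalar`: it has no `LeScalar` impl and, unlike the safe `EndianScalar` trait, it cannot write one without supplying a real byte decoder, so the compiler rejects the call rather than the program dereferencing garbage at runtime. Callers that still need a raw reinterpretation should be forced to write `unsafe`, which is the other way to make the contract visible.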