| author | bors <bors@rust-lang.org> | 2021-11-01 07:14:16 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2021-11-01 07:14:16 +0000 |
| commit | 59eed8a2aac0230a8b53e89d4e99d55912ba6b35 (patch) | |
| tree | 4c5617dfb93a6e1cf6381c445e6a6ea3016bfb48 /compiler/rustc_lint_defs/src | |
| parent | 09c42c45858d5f3aedfa670698275303a3d19afa (diff) | |
| parent | 6552f7a75a4ee0f314ca5e87edc4c322d3f3eceb (diff) | |
| download | rust-1.56.1.tar.gz rust-1.56.1.zip | |
Auto merge of #90460 - pietroalbini:bidi-stable, r=nikomatsakis,pietroalbini 1.56.1
[stable] Fix CVE-2021-42574 and prepare Rust 1.56.1 This PR implements new lints to mitigate the impact of [CVE-2021-42574], caused by the presence of bidirectional-override Unicode codepoints in the compiled source code. [See the advisory][advisory] for more information about the vulnerability. The changes in this PR will be released later today as part of Rust 1.56.1. [CVE-2021-42574]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574 [advisory]: https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html
Diffstat (limited to 'compiler/rustc_lint_defs/src')
| -rw-r--r-- | compiler/rustc_lint_defs/src/builtin.rs | 28 | ||||
| -rw-r--r-- | compiler/rustc_lint_defs/src/lib.rs | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/compiler/rustc_lint_defs/src/builtin.rs b/compiler/rustc_lint_defs/src/builtin.rs
index 8fb678e2d20..e9cd30a058f 100644
--- a/compiler/rustc_lint_defs/src/builtin.rs
+++ b/compiler/rustc_lint_defs/src/builtin.rs
@@ -3416,3 +3416,31 @@ declare_lint! {
 Warn,
 "`break` expression with label and unlabeled loop as value expression"
 }
+
+declare_lint! {
+ /// The `text_direction_codepoint_in_comment` lint detects Unicode codepoints in comments that
+ /// change the visual representation of text on screen in a way that does not correspond to
+ /// their on memory representation.
+ ///
+ /// ### Example
+ ///
+ /// ```rust,compile_fail
+ /// #![deny(text_direction_codepoint_in_comment)]
+ /// fn main() {
+ /// println!("{:?}"); // '');
+ /// }
+ /// ```
+ ///
+ /// {{produces}}
+ ///
+ /// ### Explanation
+ ///
+ /// Unicode allows changing the visual flow of text on screen in order to support scripts that
+ /// are written right-to-left, but a specially crafted comment can make code that will be
+ /// compiled appear to be part of a comment, depending on the software used to read the code.
+ /// To avoid potential problems or confusion, such as in CVE-2021-42574, by default we deny
+ /// their use.
+ pub TEXT_DIRECTION_CODEPOINT_IN_COMMENT,
+ Deny,
+ "invisible directionality-changing codepoints in comment"
+}
diff --git a/compiler/rustc_lint_defs/src/lib.rs b/compiler/rustc_lint_defs/src/lib.rs
index f89d531b5ef..feac2a7cfa4 100644
--- a/compiler/rustc_lint_defs/src/lib.rs
+++ b/compiler/rustc_lint_defs/src/lib.rs
@@ -306,6 +306,7 @@ pub enum BuiltinLintDiagnostics {
 TrailingMacro(bool, Ident),
 BreakWithLabelAndLoop(Span),
 NamedAsmLabel(String),
+ UnicodeTextFlow(Span, String),
 }

 /// Lints that are buffered up early on in the `Session` before the |
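Review bot: The doc comment on `TEXT_DIRECTION_CODEPOINT_IN_COMMENT` in builtin.rs never names the codepoints it flags, and the character in its `### Example` is invisible by design, so a reader of the rendered docs cannot tell what triggers the lint. I would add a sentence to the Explanation such as `/// The flagged codepoints are the Unicode bidirectional controls U+202A..=U+202E and U+2066..=U+2069.`, after confirming the list against the lint pass, which is outside this diffstat-limited view. It is also worth stating there that `Deny` is only the default level and can be lowered by `#[allow]` or a lint cap, so the lint is a mitigation rather than a guarantee for every crate in a build. Minor wording: "their on memory representation" should read "their in-memory representation".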
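Review bot: The new `UnicodeTextFlow(Span, String)` variant of `BuiltinLintDiagnostics` in lib.rs carries a `String` whose content is undocumented. If it holds the offending comment text, whatever renders it has to escape the directional codepoints, otherwise the diagnostic reproduces the same misleading display in the terminal or log viewer. The emitting code is not part of this view, so this is a point to confirm rather than a defect visible here. A comment on the variant would record the contract, e.g. `/// Comment span and its text; render the flagged codepoints escaped, never raw.` The enum's declaration starts above the hunk.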
