xcb connect_to_fd* constructors unsound (rustsec#2355)

En-En-Code · charlesxsh · commit 21ba72a37423 · 2025-10-03T09:41:29.000-04:00
diff --git a/crates/xcb/RUSTSEC-0000-0000.md b/crates/xcb/RUSTSEC-0000-0000.md
@@ -0,0 +1,32 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "xcb"
+date = "2025-08-05"
+url = "https://github.com/rust-x-bindings/rust-xcb/issues/282"
+references = [
+  "https://github.com/rust-x-bindings/rust-xcb/issues/167",
+  "https://github.com/rust-x-bindings/rust-xcb/pull/283"
+]
+informational = "unsound"
+
+[versions]
+patched = [">= 1.6.0"]
+
+[affected.functions]
+"xcb::Connection::connect_to_fd" = [">= 1.0.0-beta.0"]
+"xcb::Connection::connect_to_fd_with_extensions" = [">= 1.0.0-beta.0"]
+```
+
+# `xcb::Connection::connect_to_fd*` functions violate I/O safety
+
+The API of `xcb::Connection` has constructors which allow an arbitrary `RawFd`
+to be used as a socket connection. On either failure of these constructors or
+on the drop of `Connection`, it closes the associated file descriptor. Thus, a
+program which uses an `OwnedFd` (such as a `UnixStream`) as the file descriptor
+can close the file descriptor and continue to attempt using it or close an
+already-closed file descriptor, violating I/O safety.
+
+Starting in version 1.6.0, `xcb` provides `Connection::connect_with_fd` and
+`Connection::connect_with_fd_and_extensions` as safe alternatives and
+deprecates the problematic functions.
