From 8e49577153ac83a387669c9b53af347a145bc957 Mon Sep 17 00:00:00 2001
From: Rafael <shinmaoX2016@gmail.com>
Date: Sat, 28 Dec 2024 12:50:19 -0500
Subject: [PATCH] Report unsoundness of xous (#2179)

---
 crates/xous/RUSTSEC-0000-0000.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 crates/xous/RUSTSEC-0000-0000.md

diff --git a/crates/xous/RUSTSEC-0000-0000.md b/crates/xous/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..e73327bfe
--- /dev/null
+++ b/crates/xous/RUSTSEC-0000-0000.md
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "xous"
+date = "2024-12-23"
+url = "https://github.com/betrusted-io/xous-core/issues/410"
+references = ["https://github.com/betrusted-io/xous-core/pull/411"]
+categories = []
+keywords = []
+informational = "unsound"
+
+[versions]
+patched = [">= 0.9.51"]
+
+[affected]
+functions = {"xous::definitions::MemoryRange::as_slice" = ["< 0.9.51"], "xous::definitions::MemoryRange::as_slice_mut" = ["< 0.9.51"]}
+```
+
+# Unsound usages of `core::slice::from_raw_parts` 
+
+We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger unsoundness in `as_slice`. With new declared as unsafe, `as_slice` should also declared as unsafe.  
+
+This was patched in by marking two functions as `unsafe`.
\ No newline at end of file