惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Visual Studio Blog
The GitHub Blog
The GitHub Blog
Apple Machine Learning Research
Apple Machine Learning Research
J
Java Code Geeks
T
Tailwind CSS Blog
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Hugging Face - Blog
Hugging Face - Blog
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
罗磊的独立博客
人人都是产品经理
人人都是产品经理
H
Heimdal Security Blog
Last Week in AI
Last Week in AI
博客园 - 【当耐特】
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
雷峰网
雷峰网
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Microsoft Azure Blog
Microsoft Azure Blog
MyScale Blog
MyScale Blog
A
About on SuperTechFans
V2EX - 技术
V2EX - 技术
小众软件
小众软件
博客园 - Franky
博客园 - 司徒正美
P
Privacy International News Feed
爱范儿
爱范儿
U
Unit 42
博客园 - 叶小钗
The Hacker News
The Hacker News
C
Check Point Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Simon Willison's Weblog
Simon Willison's Weblog
N
News and Events Feed by Topic
D
Docker
T
Threatpost
MongoDB | Blog
MongoDB | Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
H
Help Net Security
L
LINUX DO - 最新话题
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
S
SegmentFault 最新的问题
A
Arctic Wolf
Spread Privacy
Spread Privacy

Rust Blog

Security Advisory for Cargo (CVE-2026-5223) | Rust Blog Security Advisory for Cargo (CVE-2026-5222) | Rust Blog Project goals update — April 2026 (end of 2025H2) | Rust Blog Rust is participating in Outreachy | Rust Blog Raising the baseline for the `nvptx64-nvidia-cuda` target | Rust Blog Announcing Google Summer of Code 2026 selected projects | Rust Blog Announcing Rust 1.95.0 | Rust Blog docs.rs: building fewer targets by default | Rust Blog Changes to WebAssembly targets and handling undefined symbols | Rust Blog Announcing Rust 1.94.1 | Rust Blog Security advisory for Cargo | Rust Blog What we heard about Rust's challenges | Rust Blog Call for Testing: Build Dir Layout v2 | Rust Blog Announcing rustup 1.29.0 | Rust Blog Announcing Rust 1.94.0 | Rust Blog 2025 State of Rust Survey Results | Rust Blog Rust debugging survey 2026 | Rust Blog Update on the October 15, 2018 incident on crates.io Announcing Rust 1.29.2 Announcing Rust 1.29 Launching the 2018 State of Rust Survey Announcing Rust 1.28 What is Rust 2018? Announcing Rust 1.27.2 Announcing Rust 1.27.1 Security Advisory for rustdoc Announcing Rust 1.27 Announcing Rust 1.26.2 Announcing Rust 1.26.1 Rust turns three Announcing Rust 1.26 The Rust Team All Hands in Berlin: a Recap Increasing Rust’s Reach 2018 Announcing Rust 1.25 Rust's 2018 roadmap Announcing Rust 1.24.1 Announcing Rust 1.24 The 2018 Rust Event Lineup Announcing Rust 1.23 New Year's Rust: A Call for Community Blogposts Rust in 2017: what we achieved Announcing Rust 1.22 (and 1.22.1) Fearless Concurrency in Firefox Quantum Announcing Rust 1.21 impl Future for Rust Rust 2017 Survey Results Announcing Rust 1.20 Announcing Rust 1.19 The 2017 Rust Conference Lineup Rust's 2017 roadmap, six months in Increasing Rust’s Reach Announcing Rust 1.18 Two years of Rust The Rust Libz Blitz Launching the 2017 State of Rust Survey Announcing Rust 1.17 Announcing Rust 1.16 Rust's language ergonomics initiative Rust's 2017 roadmap Announcing Rust 1.15 Announcing Rust 1.14 Announcing the First Underhanded Rust Contest Announcing Rust 1.13 Announcing Rust 1.12.1 Announcing Rust 1.12 Incremental Compilation Announcing Rust 1.11 Shape of errors to come The 2016 Rust Conference Lineup Announcing Rust 1.10 State of Rust Survey 2016 Announcing Rust 1.9 One year of Rust Taking Rust everywhere with rustup Launching the 2016 State of Rust Survey Cargo: predictable dependency management Introducing MIR Announcing Rust 1.8 Announcing Rust 1.7 Announcing Rust 1.6 Announcing Rust 1.5 Announcing Rust 1.4 Announcing Rust 1.3 Rust in 2016 Announcing Rust 1.2 Rust 1.1 stable, the Community Subteam, and RustCamp Announcing Rust 1.0 Abstraction without overhead: traits in Rust Rust Once, Run Everywhere Mixing matching, mutation, and moves in Rust Fearless Concurrency with Rust Announcing Rust 1.0 Beta Announcing Rust 1.0.0.alpha.2 Rust 1.0: status report and final timeline Announcing Rust 1.0 Alpha Rust 1.0: Scheduling the trains Yehuda Katz and Steve Klabnik are joining the Rust Core Team Cargo: Rust's community crate host Stability as a Deliverable Road to Rust 1.0
Announcing Rust 1.15.1
The Rust Core Team · 2017-02-09 · via Rust Blog

The Rust team is happy to announce the latest version of Rust, 1.15.1. Rust is a systems programming language focused on safety, speed, and concurrency.

If you have a previous version of Rust installed, getting Rust 1.15.1 is as easy as:

$ rustup update stable

If you don't have it already, you can download Rust from the appropriate page on our website, and check out the detailed release notes for 1.15.1 on GitHub.

What's in 1.15.1 stable

This release fixes two issues, a soundness bug in the new vec::IntoIter::as_mut_slice method, and a regression wherein certain C components of the Rust distribution were not compiled with -fPIC. The latter results in the text section of executables being writable in some configurations, including common Linux configurations, subverting an important attack mitigation, and creating longer startup times by causing the linker to do more work. For mostly-Rust codebases, the practical impact of losing read-only text sections is relatively small (since Rust's type system is its first line of defense), but for Rust linked into other codebases the impact could be unexpectedly quite significant. PIC issues are well understood and not Rust-specific, so the rest of this post focuses on the soundness bug.

The problem with as_mut_slice, a three line function, was discovered just minutes after publishing Rust 1.15.0, and is a reminder of the perils of writing unsafe code.

as_mut_slice is a method on the IntoIter iterator for the Vec type that offers a mutable view into the buffer being iterated over. Conceptually it is simple: just return a reference to the buffer; and indeed the implementation is simple, but it's unsafe because IntoIter is implemented with an unsafe pointer to the buffer:

pub fn as_mut_slice(&self) -> &mut [T] {
    unsafe {
        slice::from_raw_parts_mut(self.ptr as *mut T, self.len())
    }
}

It's just about the simplest unsafe method one could ask for. Can you spot the error? Our reviewers didn't! This API slipped through the cracks because it is such a standard and small one. It's a copy-paste bug that the reviewers glossed over. This method takes a shared reference and unsafely derives from it a mutable reference. That is totally bogus because it means as_mut_slice can be used to produce multiple mutable references to the same buffer, which is the one single thing you must not do in Rust.

Here's a simple example of what this bug would let you write, incorrectly:

fn main() {
    let v = vec![0];
    let v_iter = v.into_iter();
    let slice1: &mut [_] = v_iter.as_mut_slice();
    let slice2: &mut [_] = v_iter.as_mut_slice();
    slice1[0] = 1;
    slice2[0] = 2;
}

Here both slice1 and slice2 are referencing the same mutable slice. Also notice that the iterator they are created from, v_iter is not declared mutable, which is a good indication something fishy is going on.

The solution here is trivial, just change &self to &mut self:

pub fn as_mut_slice(&mut self) -> &mut [T] {
    unsafe {
        slice::from_raw_parts_mut(self.ptr as *mut T, self.len())
    }
}

With that, proper uniqueness invariants are maintained, only one mutable slice can be created at a time, and v_iter must be declared mutable in order to pull out a mutable slice.

So we made that change, and we're releasing a fix. In Rust we take pride in not breaking APIs, but since this is a new, minor feature, and the present implementation is spectacularly unsound, we decided to go ahead and release the fix immediately, hopefully before too many codebases pick it up — that is, we don't consider this a breaking change that requires a careful transition, but a necessary bug fix. For more about Rust's approach to ensuring stability see the "Stability as a Deliverable" blog post, RFC 1122, on language evolution, and RFC 1105, on library evolution.

We're still evaluating what to learn from this, but this is a good reminder of the care that must be taken when writing unsafe code. We have some ideas for how to catch this kind of problem earlier in the development process, but haven't made any decisions yet.

We apologize for the inconvenience. Let's go hack.

Contributors to 1.15.1

We had 2 individuals contribute to Rust 1.15.1. Thanks!