Description
This issue was previously reported privately and is now being disclosed following coordination with maintainers.
Rows::row() computes row + 1 without overflow checking. When the addition wraps, bounds checks may pass incorrectly, leading to invalid indexing.
This can result in a potential out-of-bounds read via safe Rust APIs.
Fix
See PR #9817
Reported by Sungjin Kim (@ksj1230)
Description
This issue was previously reported privately and is now being disclosed following coordination with maintainers.
Rows::row()computesrow + 1without overflow checking. When the addition wraps, bounds checks may pass incorrectly, leading to invalid indexing.This can result in a potential out-of-bounds read via safe Rust APIs.
Fix
See PR #9817
Reported by Sungjin Kim (@ksj1230)