The affected version of this crate did not guard against accessing memory
beyond the range of its input data. A pointer cast to read the data into
a 256-bit register could lead to a segmentation fault when the end plus
the 32 bytes (256 bit) read would overlap into the next page during string
parsing.
page | ... page 1 ... | ... page 2 ... |
data | x[n * 32 byte]xx__ | |
access | ..][ 32 byte ] | |
segflt | [ 32 | byte ] |
This allows an attacker to eventually crash a service.
The flaw was corrected by using a padding buffer for the last read from the
input. So that we are we never read over the boundary of the input data.