Passing a null pointer to slice::from_raw_parts is undefined behavior even for a zero-length slice. The git2 crate's Remote::list() method did exactly that when a remote advertised no references.
The Bug: Empty List, Non-Null Contract
The advisory filed in the RustSec database (RUSTSEC-0000-0000, dated 2026-05-12) documents the issue: Remote::list() hands a null pointer from the underlying libgit2 C call directly to the unsafe Rust function slice::from_raw_parts(). The safety section of that function's documentation explicitly requires the pointer to be non-null, even for a length of zero. Because the length is zero, many implementors might assume a null pointer is fine, but the function's safety contract says otherwise. That's undefined behavior.
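One way to guard this kind of FFI boundary, as an added example that is not the git2 patch or code from the advisory: the helper slice_from_c, the stub fake_c_list, and list_checked are hypothetical names, and the stub only imitates a C call that reports an empty list as a null pointer with a zero count.

```rust
use std::{mem, ptr, slice};

/// Hypothetical helper (not part of git2): turn a C-style (pointer, count)
/// pair into a slice when the C side may report "no items" as (NULL, 0).
///
/// # Safety
/// A non-null `ptr` must be aligned and point to `len` initialized `T`
/// values that remain valid and unmodified for the lifetime `'a`.
pub unsafe fn slice_from_c<'a, T>(ptr: *const T, len: usize) -> Option<&'a [T]> {
    if ptr.is_null() {
        // (NULL, 0) is the empty-list case; (NULL, n > 0) is a broken producer.
        let empty: &'a [T] = &[];
        return if len == 0 { Some(empty) } else { None };
    }
    // from_raw_parts also requires the total size to fit in isize.
    let bytes = len.checked_mul(mem::size_of::<T>())?;
    if bytes > isize::MAX as usize {
        return None;
    }
    // SAFETY: ptr is non-null here; the caller guarantees the rest.
    Some(unsafe { slice::from_raw_parts(ptr, len) })
}

/// Constructed stand-in for an FFI call that fills out-parameters in the
/// situation the page describes: no entries means NULL and a zero count.
fn fake_c_list(items: &[u32], out: &mut *const u32, count: &mut usize) {
    *out = if items.is_empty() { ptr::null() } else { items.as_ptr() };
    *count = items.len();
}

/// Collects the entries through the checked helper; None means bad input.
pub fn list_checked(items: &[u32]) -> Option<Vec<u32>> {
    let mut p: *const u32 = ptr::null();
    let mut n = 0usize;
    fake_c_list(items, &mut p, &mut n);
    // SAFETY: a non-null `p` borrows from `items`, which outlives this call.
    unsafe { slice_from_c(p, n) }.map(|s| s.to_vec())
}

fn main() {
    println!("{:?}", list_checked(&[])); // empty list, no null reaches from_raw_parts
    println!("{:?}", list_checked(&[7, 8, 9]));
}
```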
Affected Versions and Fix
The advisory marks all versions of git2 up to and including 0.20.4 as affected. Patched versions start at >0.20.4. The fix is already in the upstream repository: pull request #1250 in rust-lang/git2-rs. If you're using git2 and don't trust the UB to never bite you, update now.
This is a reminder that a zero-length slice does not let you cheat on pointer validity. The Rust language definition is strict for a reason: compilers optimize on the assumption that the pointer is non-null, and violating that assumption can produce miscompiled code even if the slice is empty. Pin your git2 dependency to >0.20.4 and move on.
Source: Add advisory for git2: Remote::list() with an empty list triggers UB