A Rust advisory just dropped for a bug that should make every Rustacean wince: the i_tree crate exposed safe public methods that silently called Vec::get_unchecked with a caller-supplied index and never validated it. Hand them an arbitrary u32 and you get undefined behavior, with no unsafe block anywhere in the caller's code.
The Bug: Safe Methods Hiding Unsafe Indexing
i_tree versions before 0.10.0 shipped Tree::node and Tree::mut_node as public safe functions. Both accepted a u32 index and passed it straight to Vec::get_unchecked / get_unchecked_mut on the internal node buffer, with no bounds check in between. An out-of-bounds index therefore yielded a shared or mutable reference to memory outside the buffer: reading through it exposes whatever the allocator placed next to the buffer, writing through it corrupts the heap, and the optimizer is entitled to assume neither ever happens. That is undefined behavior reachable entirely from safe code, which breaks Rust's core guarantee that safe code cannot cause UB. It is a soundness bug in the API regardless of whether any given call site is exploitable.
Fix: Restructuring Removes Vulnerable Accessors
Commit a948b891cf159233bfed5b16bf185268fd9e1985 in the iShape-Rust/iTree repo restructured the crate so those accessors are no longer reachable from outside the crate. Version 0.10.0 is the patched release; anyone depending on an earlier version should bump to it. The RustSec advisory database entry (filed as RUSTSEC-0000-0000, the placeholder ID used until a real one is assigned) lists the affected functions and the fix commit, and references the issue tracker thread for more context.
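To make the bug described above and the shape of the fix concrete, here is an added example that reconstructs the pattern in a minimal tree type and puts three sound alternatives beside it. This is illustration code written for this write-up, not i_tree's source: the Tree and Node definitions, the field names, the EMPTY link marker, the from_nodes constructor and leftmost_value traversal are all assumptions. It shows the safe-but-unsound accessor, the checked Option-returning version, an unsafe fn with a written contract, and the crate-private route the advisory says the fix commit took, together with the one thing that route quietly depends on: the safe constructor must establish the invariant (every stored link is in bounds) that the internal unchecked path relies on.

```rust
// Added example reconstructing the advisory's pattern and three sound
// alternatives. `Tree`, `Node`, the field names and the `EMPTY` link marker
// are assumptions made for this illustration; none of this is i_tree's code.

/// Link value meaning "no child" (assumed convention for this example).
pub const EMPTY: u32 = u32::MAX;

#[derive(Debug, Clone, PartialEq)]
pub struct Node {
    pub left: u32,
    pub right: u32,
    pub value: i64,
}

pub struct Tree {
    buffer: Vec<Node>,
}

impl Tree {
    /// Safe constructor. The crate-private unchecked accessor below relies on
    /// every stored link being in bounds, so that invariant is established
    /// here, at the safe entry point. Without this check the internal fast
    /// path would be exactly as unsound as the public one was.
    pub fn from_nodes(buffer: Vec<Node>) -> Option<Self> {
        let len = buffer.len();
        let link_ok = |l: u32| l == EMPTY || (l as usize) < len;
        if buffer.iter().all(|n| link_ok(n.left) && link_ok(n.right)) {
            Some(Tree { buffer })
        } else {
            None
        }
    }

    pub fn len(&self) -> usize {
        self.buffer.len()
    }

    /// The unsound shape the advisory describes: a *safe* public function that
    /// forwards a caller-chosen index to `get_unchecked`. Any index >= len()
    /// is undefined behavior, and the caller never wrote `unsafe`.
    /// Kept only to show the pattern; nothing here calls it.
    #[allow(dead_code)]
    pub fn node_unsound(&self, index: u32) -> &Node {
        unsafe { self.buffer.get_unchecked(index as usize) }
    }

    /// Fix 1: bounds-check and return Option. `get` does the comparison once;
    /// the cost is a compare and a branch.
    pub fn node(&self, index: u32) -> Option<&Node> {
        self.buffer.get(index as usize)
    }

    pub fn mut_node(&mut self, index: u32) -> Option<&mut Node> {
        self.buffer.get_mut(index as usize)
    }

    /// Fix 2: keep the unchecked fast path but make the signature `unsafe fn`
    /// with a written contract, so the proof obligation is visibly the caller's.
    ///
    /// # Safety
    /// `index` must be less than `self.len()`.
    pub unsafe fn node_unchecked(&self, index: u32) -> &Node {
        debug_assert!((index as usize) < self.buffer.len());
        unsafe { self.buffer.get_unchecked(index as usize) }
    }

    /// Fix 3, the route the advisory says the i_tree fix commit took: keep the
    /// accessor but make it crate-private, reachable only from code that gets
    /// its indices from the tree's own validated links.
    pub(crate) fn node_internal(&self, index: u32) -> &Node {
        unsafe { self.buffer.get_unchecked(index as usize) }
    }

    /// Internal user of the crate-private accessor: follow left links from
    /// index 0 (assumed root). Every index it passes along came from a Node
    /// that `from_nodes` checked, so the unchecked access is justified. The
    /// step bound turns a link cycle into `None` instead of an infinite loop.
    pub fn leftmost_value(&self) -> Option<i64> {
        let mut idx = 0u32;
        for _ in 0..self.buffer.len() {
            let n = self.node_internal(idx);
            if n.left == EMPTY {
                return Some(n.value);
            }
            idx = n.left;
        }
        None
    }
}

fn main() {
    // Constructed sample: root 0 with children 1 and 2.
    let nodes = vec![
        Node { left: 1, right: 2, value: 10 },
        Node { left: EMPTY, right: EMPTY, value: 5 },
        Node { left: EMPTY, right: EMPTY, value: 20 },
    ];
    let tree = Tree::from_nodes(nodes).expect("links are in bounds");
    println!("node(1) = {:?}", tree.node(1).map(|n| n.value));
    println!("node(99) = {:?}", tree.node(99).map(|n| n.value));
    println!("leftmost = {:?}", tree.leftmost_value());
}
```

If you want to see the unsound version actually caught rather than just argued about, run the crate's tests under Miri (cargo +nightly miri test) with a test that calls node_unsound with an index at or past len(): Miri reports the out-of-bounds access as undefined behavior, which is the check the original i_tree API never had.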
This one is a reminder that get_unchecked is a loaded weapon: it is not only unsafe to call, it is unsafe to expose behind a safe signature unless the function itself establishes that the index is in bounds, either by checking it or by only ever receiving indices that the type's own invariants guarantee. i_tree did neither. The advisory's informational = "unsound" tag is the right classification: RustSec uses it for bugs where safe code can reach undefined behavior, whether or not anyone has demonstrated concrete memory corruption from it. The checklist for crate authors is short: grep for get_unchecked, get_unchecked_mut and similar unchecked accessors in anything pub, and for each one either add the bounds check, change the signature to unsafe fn with a Safety section, or make it pub(crate). Expect more advisories like this as auditors work through crates that reached for unchecked indexing in the name of speed.
Source: Add advisory for unsound unchecked node accessors in i_tree
Domain: github.com