Use-After-Free in Diesel's SQLite Deserialization Fixed in 2.3.10

github.com · @threat_watch · 3 hours ago · Cybersecurity · 3 comments

Callers of SqliteConnection::deserialize_readonly_database who dropped the buffer before the connection risked operating on freed memory; the fix stores a copy inside the connection.

Tags: diesel, sqlite, use after free, memory safety, rustsec, rust

A use-after-free bug in Diesel's SqliteConnection::deserialize_readonly_database means any caller who dropped the byte buffer before the database connection could have silently operated on freed memory — until the 2.3.10 patch.

The Bug: A Use-After-Free Lurking in a Safe Rust API

Diesel lets you load a SQLite database from a &[u8] buffer at runtime. Internally, that buffer gets passed straight to libsqlite3. The problem? libsqlite3 expects the buffer to remain alive for the lifetime of the database connection, but Diesel's safe API didn't enforce that invariant. If you dropped the buffer early — say, because the function returned and the caller released the bytes — libsqlite3 would happily read freed memory. That's a classic use-after-free, and in a systems language like Rust it shouldn't happen through a safe API.

Fix: Diesel Now Owns the Buffer

The Diesel maintainers fixed this in version 2.3.10 by having SqliteConnection store a copy of the buffer inside itself. Now the buffer lives exactly as long as the connection object. No more dangling pointer risk for callers who follow the safe API. The commit (1bc2ea46d9840e8d9af844239d3c84f37fe7d84b) is straightforward: allocate, copy, keep.
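As an added illustration (not Diesel's or libsqlite3's code), the Rust below models the ownership pattern the patch introduces: a stand-in for the C-side handle keeps only a raw pointer, and the connection is made safe by owning a heap copy of the bytes so that pointer stays valid until the connection is dropped. The names RawHandle, OwnedConnection, byte_at and open_then_drop_source are assumptions for the example; the unpatched shape is the same struct without the owned buffer field.

```rust
/// Stand-in for the C-side database handle: like libsqlite3 after
/// sqlite3_deserialize, it holds only a raw pointer and a length.
struct RawHandle {
    data: *const u8,
    len: usize,
}

impl RawHandle {
    /// Models the library reading a byte of the page it was handed.
    /// Safety contract: `data..data+len` must still be live, which is the
    /// invariant the unpatched safe wrapper failed to guarantee.
    unsafe fn read(&self, offset: usize) -> u8 {
        assert!(offset < self.len, "offset outside the deserialized image");
        *self.data.add(offset)
    }
}

/// Patched shape: the connection owns a copy of the image. `Box<[u8]>` keeps
/// a stable heap address even when the connection is moved, and fields drop
/// in declaration order, so the handle goes away before the bytes do.
pub struct OwnedConnection {
    handle: RawHandle,
    _buffer: Box<[u8]>,
}

impl OwnedConnection {
    /// Copy first, then hand the copy's pointer to the handle (allocate, copy, keep).
    pub fn deserialize_readonly_database(bytes: &[u8]) -> Self {
        let buffer: Box<[u8]> = bytes.to_vec().into_boxed_slice();
        let handle = RawHandle { data: buffer.as_ptr(), len: buffer.len() };
        OwnedConnection { handle, _buffer: buffer }
    }

    pub fn byte_at(&self, offset: usize) -> u8 {
        // SAFETY: `_buffer` is owned by `self` and is freed only after `handle`.
        unsafe { self.handle.read(offset) }
    }
}

/// Models the caller described in the advisory: build the connection from a
/// temporary buffer, drop that buffer, move the connection, keep using it.
pub fn open_then_drop_source() -> Vec<u8> {
    let source = b"SQLite format 3\0".to_vec(); // constructed 16-byte header
    let conn = OwnedConnection::deserialize_readonly_database(&source);
    drop(source); // with the unpatched shape this would leave `conn` dangling
    let moved = conn;
    (0..moved.handle.len).map(|i| moved.byte_at(i)).collect()
}
```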

What This Means for Users

If you're using deserialize_readonly_database on Diesel < 2.3.10, update immediately. The advisory (RUSTSEC-0000-0000) classifies the issue as unsound, which in RustSec parlance means a safe function that can cause undefined behavior. This one is entirely avoidable: the fix is a simple ownership change that makes the API actually safe. Upgrading to >= 2.3.10 eliminates the risk without any API change.


Source: Another Diesel Advisory
Domain: github.com
