From 440964ecc7b0fd4882f4b91abfdeca8b97960d4a Mon Sep 17 00:00:00 2001
From: Lewis <lewismosciski86@gmail.com>
Date: Tue, 21 Oct 2025 21:32:47 +0800
Subject: [PATCH] Add advisory for zipora undefined behavior

Safe function fast_prefetch_range accepts raw pointer without validation, allowing pointer wraparound causing undefined behavior.
---
 crates/zipora/RUSTSEC-0000-0000.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 crates/zipora/RUSTSEC-0000-0000.md

diff --git a/crates/zipora/RUSTSEC-0000-0000.md b/crates/zipora/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..ccf0d00f6
--- /dev/null
+++ b/crates/zipora/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "zipora"
+date = "2025-10-21"
+url = "https://github.com/infinilabs/zipora/issues/10"
+informational = "unsound"
+categories = ["memory-corruption"]
+keywords = ["undefined-behavior", "soundness"]
+
+[affected.functions]
+"zipora::memory::simd_ops::fast_prefetch_range" = ["< 2.0.1"]
+
+[versions]
+patched = [">= 2.0.1"]
+```
+
+# Undefined behavior in fast_prefetch_range
+
+The safe function `fast_prefetch_range` accepts a raw pointer and size without validation, allowing safe code to trigger undefined behavior.
+
+The function passes these inputs directly to internal pointer arithmetic (`start.add(size)`) without checking whether the resulting pointer would wrap around the address space or point outside the original allocation. Computing such invalid pointers violates Rust's safety guarantees and causes immediate undefined behavior.
+
+Fixed in v2.0.1 by changing the API to accept a safe slice reference (`&[u8]`) instead of raw pointer and size.