Rust

Made by DeepSource

Manual implementation of Error::type_id RS-S1001

Security
Major

Manual implementations of Error::type_id can cause memory unsafety. Overriding the default implementation of Error::type_id can violate Rust's safety guarantees.

If the Error::type_id method is overridden, any type can be cast to any other type in safe Rust code. This can result in memory safety vulnerabilities, for example out-of-bounds reads or writes. Consider inheriting the default implementation of Error::type_id.

Vulnerable code sample:

use std::any::TypeId;
use std::error::Error;

struct MyType;

impl Error for MyType {
    fn type_id(&self) -> TypeId {
        // Enable safe casting to `String` by accident.
        TypeId::of::<String>()
    }
}

When combined with the Error::downcast family of methods, the above implementation can enable safe type casting to String.
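The following added example (not DeepSource's or the standard library's code) models the type-ID comparison that a downcast relies on, to show why an overridden ID defeats it and how an audit check can flag the override. The `Tagged` trait, `claimed_type_id`, `guard_passes` and `reports_own_type` are hypothetical names; no cast is performed, only the comparison.

```rust
use std::any::TypeId;

// Hypothetical stand-in for an overridable type-ID hook (not std::error::Error).
// The default body reports the real concrete type, like an inherited default.
trait Tagged: 'static {
    fn claimed_type_id(&self) -> TypeId {
        TypeId::of::<Self>()
    }
}

struct Honest;
impl Tagged for Honest {} // inherits the default implementation

struct Lying;
impl Tagged for Lying {
    // Same mistake as the vulnerable sample: claims to be a `String`.
    fn claimed_type_id(&self) -> TypeId {
        TypeId::of::<String>()
    }
}

// The comparison a downcast makes before treating the value as `T`.
// Nothing is cast here; this only reports whether the guard would pass.
fn guard_passes<T: 'static>(value: &dyn Tagged) -> bool {
    value.claimed_type_id() == TypeId::of::<T>()
}

// Audit check: does a concrete type report its own TypeId?
fn reports_own_type<T: Tagged + 'static>(value: &T) -> bool {
    value.claimed_type_id() == TypeId::of::<T>()
}

fn main() {
    // Default implementation: the guard passes only for the real type.
    println!("Honest as Honest: {}", guard_passes::<Honest>(&Honest));
    println!("Honest as String: {}", guard_passes::<String>(&Honest));
    // Overridden implementation: the guard passes for the wrong type,
    // so a pointer cast that trusted it would reinterpret the memory.
    println!("Lying as String:  {}", guard_passes::<String>(&Lying));
    println!("Lying as Lying:   {}", guard_passes::<Lying>(&Lying));
    // The audit check separates the two implementations.
    println!("Honest reports own type: {}", reports_own_type(&Honest));
    println!("Lying reports own type:  {}", reports_own_type(&Lying));
}
```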
