RUSTSEC-2022-0017: 
Rust vulnerability analysis and mitigation

A soundness issue was discovered in the array-macro Rust crate (RUSTSEC-2022-0017) where the implementation contains two uses of the $count expression that could evaluate to different values. This vulnerability affects the array-macro crate's implementation of array creation (GitLab Issue).

The vulnerability stems from the macro implementation containing $count in two distinct locations: in the array vector initialization let mut vec = $crate::__ArrayVec<_, {$count}>(unsafe { ... }); and in the loop condition while vec.0.len < $count. These expressions could evaluate differently, particularly when involving procedural macros or type-inference information affecting coercions (GitLab Issue).

When exploited, this vulnerability can lead to memory safety violations and potential segmentation faults in Rust programs using the array-macro crate. A proof-of-concept demonstrates that the issue can be triggered without using procedural macros by leveraging differences in type-inference information (GitLab Issue).

A proposed fix involves adding a function pub fn __array_vec_capacity(_: &__ArrayVec) -> usize { N } and modifying the loop condition to use while vec.0.len < $crate::__array_vec_capacity(&vec) to ensure consistent evaluation (GitLab Issue).