RUSTSEC-2021-0145: Potential unaligned read

[github-actions]

Potential unaligned read

Details
Status	unsound
Package	atty
Version	0.2.14
URL	softprops/atty#50
Date	2021-07-04

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.

atty is Unmaintained

A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

Last release of atty was almost 3 years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

• std::io::IsTerminal - Stable since Rust 1.70.0
• is-terminal - Standalone crate supporting Rust older than 1.70.0

See advisory page for additional details.

[toidiu]

We should migrate away from structopt and use clap directly.

cargo tree output shows that atty is only used in tests and comes from two dependencies. structopt has a 2.33 dependency on clap which is preventing us from updating clap. However, structopt is in maintenance mode and clap is the recommended path forward.

➜  s2n-quic git:(main) cargo tree -p atty -i
atty v0.2.14
├── clap v2.34.0
│   └── structopt v0.3.26
│       ├── s2n-quic-qns v0.1.0 (/Users/apoorvko/projects/s2n-quic/quic/s2n-quic-qns)
│       └── s2n-quic-sim v0.1.0 (/Users/apoorvko/projects/s2n-quic/quic/s2n-quic-sim)
└── criterion v0.4.0
    └── s2n-quic-bench v0.1.0 (/Users/apoorvko/projects/s2n-quic/quic/s2n-quic-bench)

[WesleyRosenblum]

#2324