OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-03 10:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Report 0084-autorand to RustSec

Browse Source
This commit is contained in:
JOE1994
2021-01-19 23:32:36 -05:00
parent 4250822874
commit 0638fb626e
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
crates/autorand/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,17 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "autorand"
date = "2020-12-31"
url = "https://github.com/mersinvald/autorand-rs/issues/5"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.2.3"]
```
# `impl Random` on arrays can lead to dropping uninitialized memory
Affected versions of this crate had a panic safety issue to drop partially uninitialized array of `T` upon panic in a user provided function `T::random()`. Dropping uninitialized `T` can potentially cause memory corruption or undefined behavior.
The flaw was corrected in commit 565d508 by using `MaybeUninit<T>` to avoid possible dropping of uninitialized memory upon panic.