Merge pull request #374 from Qwaz/0012-ordnung

ordnung: Memory safety issues in `compact::Vec`
2026-01-01 09:10:25 +01:00 · 2020-09-03 12:47:00 +02:00
parent 68e0e1f7c0 d5811c82b2
commit 0cee8f8f4d
1 changed files with 15 additions and 0 deletions
--- a/crates/ordnung/RUSTSEC-0000-0000.toml
+++ b/crates/ordnung/RUSTSEC-0000-0000.toml
@@ -0,0 +1,15 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ordnung"
+date = "2020-09-03"
+title = "Memory safety issues in `compact::Vec`"
+url = "https://github.com/maciejhirsz/ordnung/issues/8"
+description = """
+`compact::Vec` contains multiple memory safety issues.
+
+1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit.
+2. `remove()` is not panic-safe and causes double-free when an index larger than the length is provided.
+"""
+
+[versions]
+patched = []