OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-20 10:31:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #612 from JOE1994/0084-autorand

Browse Source 
autorand: `impl Random` on arrays can lead to dropping uninitialized memory
This commit is contained in:
Sergey "Shnatsel" Davidoff
2021-01-20 20:04:30 +01:00
committed by GitHub
parent 46c1424ad2 0638fb626e
commit 3c18ffd713
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
crates/autorand/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,17 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "autorand"
date = "2020-12-31"
url = "https://github.com/mersinvald/autorand-rs/issues/5"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.2.3"]
```
# `impl Random` on arrays can lead to dropping uninitialized memory
Affected versions of this crate had a panic safety issue to drop partially uninitialized array of `T` upon panic in a user provided function `T::random()`. Dropping uninitialized `T` can potentially cause memory corruption or undefined behavior.
The flaw was corrected in commit 565d508 by using `MaybeUninit<T>` to avoid possible dropping of uninitialized memory upon panic.