OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 00:30:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

data race in lexer::ReaderResult<T, E>

Browse Source
This commit is contained in:
JOE1994
2021-01-19 10:22:30 -05:00
parent 3fbe06486f
commit 3ee158ea8f
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/lexer/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "lexer"
date = "2020-11-10"
url = "https://gitlab.com/nathanfaucett/rs-lexer/-/issues/2"
categories = ["memory-corruption"]
[versions]
patched = []
```
# ReaderResult should be bounded by Sync
Affected versions of this crate implements `Sync` for `ReaderResult<T, E>` with the trait bound `T: Send, E: Send`.
Since matching on the public enum `ReaderResult<T, E>` provides access to `&T` & `&E`,
allowing data race to a non-Sync type `T` or `E`.
This can result in a memory corruption when multiple threads concurrently access `&T` or `&E`.
Suggested fix for the bug is change the trait bounds imposed on `T` & `E` to be `T: Sync, E: Sync`.