Merge pull request #839 from ammaraskar/cgc

Add advisory for multiple issues in cgc
2026-02-23 15:38:27 +01:00 · 2021-03-26 20:10:17 +01:00
parent ca8a60b7be c8604c2616
commit 43c54feb9d
1 changed files with 25 additions and 0 deletions
--- a/crates/cgc/RUSTSEC-0000-0000.md
+++ b/crates/cgc/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "cgc"
+date = "2020-12-10"
+url = "https://github.com/playXE/cgc/issues/5"
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "aliasing", "concurrency"]
+
+[versions]
+patched = []
+```
+
+# Multiple soundness issues in `Ptr`
+
+Affected versions of this crate have the following issues:
+
+1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data
+   races by sending non-thread safe types across threads.
+
+2. `Ptr::get` violates mutable alias rules by returning multiple mutable
+   references to the same object.
+
+3. `Ptr::write` uses non-atomic writes to the underlying pointer. This means
+   that when used across threads it can lead to data races.