OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 09:36:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #675 from ammaraskar/tiny_future

Browse Source 
[patched] Add advisory for data race in tiny_future
This commit is contained in:
Sergey "Shnatsel" Davidoff
2021-01-25 00:44:13 +01:00
committed by GitHub
parent b8c3c5e244 4bfa224c9f
commit 5b856c10b8
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/tiny_future/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "tiny_future"
date = "2020-12-08"
url = "https://github.com/KizzyCode/tiny_future/issues/1"
categories = ["memory-corruption"]
keywords = ["concurrency"]
[versions]
patched = [">= 0.4.0"]
```
# Future<T> lacks bounds on Send and Sync.
`tiny_future` contains a light-weight implementation of `Future`s. The `Future`
type it has lacked bound on its `Send` and `Sync` traits.
This allows for a bug where non-thread safe types such as `Cell` can be used in
`Future`s and cause data races in concurrent programs.
The flaw was corrected in commit `c791919` by adding trait bounds to `Future`'s
`Send` and `Sync`.