From 5eacb752b4bb03dceb8a8e5bd8e3e7beadb63930 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Sun, 7 Jul 2019 18:45:21 +0200 Subject: [PATCH] improve summary --- crates/libflate/RUSTSEC-0000-0000.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/libflate/RUSTSEC-0000-0000.toml b/crates/libflate/RUSTSEC-0000-0000.toml index 0be70b0..d7cf380 100644 --- a/crates/libflate/RUSTSEC-0000-0000.toml +++ b/crates/libflate/RUSTSEC-0000-0000.toml @@ -2,7 +2,7 @@ id = "RUSTSEC-0000-0000" package = "libflate" date = "2019-07-04" -title = "MultiDecoder::read() drops uninitialized memory of arbitrary type if client code panics" +title = "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code" description = """ Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.