From 6f2157cba41c25266fa79ac839b0b67aa5a58af9 Mon Sep 17 00:00:00 2001
From: Alice Ryhl <alice@ryhl.io>
Date: Thu, 8 Jul 2021 01:08:31 +0200
Subject: [PATCH] Add advisory for race condition in Tokio (#951)

* Add RUSTSEC for tokio#3929

* Update version range

* Wrap with code fences

* Add advisory information

* Add unaffected

* Don't use tilde in version specification

it's not yet supported by rustsec v0.24

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
---
 crates/tokio/RUSTSEC-0000-0000.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 crates/tokio/RUSTSEC-0000-0000.md

diff --git a/crates/tokio/RUSTSEC-0000-0000.md b/crates/tokio/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..a85fb41
--- /dev/null
+++ b/crates/tokio/RUSTSEC-0000-0000.md
@@ -0,0 +1,29 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tokio"
+date = "2021-07-07"
+url = "https://github.com/tokio-rs/tokio/issues/3929"
+categories = ["memory-corruption"]
+keywords = ["race condition", "send"]
+
+[affected]
+functions = { "tokio::task::JoinHandle::abort" = ["<= 1.8.0, >= 0.3.0"] }
+
+[versions]
+patched = [">= 1.5.1, < 1.6.0", ">= 1.6.3, < 1.7.0", ">= 1.7.2, < 1.8.0", "^1.8.1"]
+unaffected = ["< 0.3.0"]
+```
+
+# Task dropped in wrong thread when aborting `LocalSet` task
+
+When aborting a task with `JoinHandle::abort`, the future is dropped in the
+thread calling abort if the task is not currently being executed. This is
+incorrect for tasks spawned on a `LocalSet`.
+
+This can easily result in race conditions as many projects use `Rc` or `RefCell`
+in their Tokio tasks for better performance.
+
+See [tokio#3929][issue] for more details.
+
+[issue]: https://github.com/tokio-rs/tokio/issues/3929