OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-05 19:20:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update advisory for 'noise_search' crate

Browse Source
This commit is contained in:
Youngsuk Kim
2021-01-31 23:24:23 -05:00
committed by GitHub
parent 313915b6c1
commit 7ef8c3d234
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/noise_search/RUSTSEC-0000-0000.md
View File

@@ -13,6 +13,6 @@ patched = []
# MvccRwLock allows data races & aliasing violations
Affected versions of this crate unconditionally implement Send/Sync for `MvccRwLock`.
This can lead to data races when non Send types like `Cell<T>` or `Rc<T>` are contained inside `MvccRwLock` and sent across thread boundaries. The data races can potentially lead to memory corruption (as demonstrated in the PoC from the original report issue).
This can lead to data races when types that are either `!Send` or `!Sync` (e.g. `Rc<T>`, `Arc<Cell<_>>`) are contained inside `MvccRwLock` and sent across thread boundaries. The data races can potentially lead to memory corruption (as demonstrated in the PoC from the original report issue).
Also, safe APIs of `MvccRwLock` allow aliasing violations by allowing `&T` and `LockResult<MutexGuard<Box<T>>>` to co-exist in conflicting lifetime regions. The APIs of `MvccRwLock` should either be marked as `unsafe` or `MbccRwLock` should be changed to private or pub(crate).
Also, safe APIs of `MvccRwLock` allow aliasing violations by allowing `&T` and `LockResult<MutexGuard<Box<T>>>` to co-exist in conflicting lifetime regions. The APIs of `MvccRwLock` should either be marked as `unsafe` or `MbccRwLock` should be changed to private or pub(crate).