From 735a9dbbe23f3e3ee4830645afdac74dd92dd9f2 Mon Sep 17 00:00:00 2001 From: JOE1994 Date: Sun, 24 Jan 2021 21:52:25 -0500 Subject: [PATCH 1/2] Report 0027-libsbc to RustSec --- crates/libsbc/RUSTSEC-0000-0000.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 crates/libsbc/RUSTSEC-0000-0000.md diff --git a/crates/libsbc/RUSTSEC-0000-0000.md b/crates/libsbc/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..81997d3 --- /dev/null +++ b/crates/libsbc/RUSTSEC-0000-0000.md @@ -0,0 +1,20 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "libsbc" +date = "2020-11-10" +url = "https://github.com/mvertescher/libsbc-rs/issues/4" +categories = ["memory-corruption"] +informational = "unsound" + +[versions] +patched = [">= 0.1.5"] +``` + +# Minor soundness issue with Decoder's Send trait + +Affected versions of this crate implements `Send` for `Decoder` for any `R: Read`. This allows to use `R: !Send` in `Decoder` to send a non-Send type to another thread. + +This can result in undefined behavior such as memory corruption from data race on `R`, or dropping `R = MutexGuard<_>` from a thread that didn't lock the mutex. + +The flaw was corrected in commit a34d6e1 by adding trait bound `R: Send` to the `Send` impl for `Decoder`. From 0850c3b0d34c3c3efbecfe36e69df9c3e115c4c6 Mon Sep 17 00:00:00 2001 From: Youngsuk Kim Date: Mon, 25 Jan 2021 09:39:39 -0500 Subject: [PATCH 2/2] Clarify description for issue found in 'libsbc' --- crates/libsbc/RUSTSEC-0000-0000.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/libsbc/RUSTSEC-0000-0000.md b/crates/libsbc/RUSTSEC-0000-0000.md index 81997d3..70a605d 100644 --- a/crates/libsbc/RUSTSEC-0000-0000.md +++ b/crates/libsbc/RUSTSEC-0000-0000.md @@ -11,9 +11,9 @@ informational = "unsound" patched = [">= 0.1.5"] ``` -# Minor soundness issue with Decoder's Send trait +# `Decoder` can carry `R: !Send` to other threads -Affected versions of this crate implements `Send` for `Decoder` for any `R: Read`. This allows to use `R: !Send` in `Decoder` to send a non-Send type to another thread. +Affected versions of this crate implements `Send` for `Decoder` for any `R: Read`. This allows `Decoder` to contain `R: !Send` and carry (move) it to another thread. This can result in undefined behavior such as memory corruption from data race on `R`, or dropping `R = MutexGuard<_>` from a thread that didn't lock the mutex.