From 84eb2025f9b3741bfc45cc2fcbcaa001e0b2a8d9 Mon Sep 17 00:00:00 2001
From: Aleksey Kladov <aleksey.kladov@gmail.com>
Date: Sun, 1 Sep 2019 23:27:30 +0300
Subject: [PATCH] add advisory for once_cell (#143)

---
 crates/once_cell/RUSTSEC-0000-0000.toml | 31 +++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 crates/once_cell/RUSTSEC-0000-0000.toml

diff --git a/crates/once_cell/RUSTSEC-0000-0000.toml b/crates/once_cell/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..25a8ee8
--- /dev/null
+++ b/crates/once_cell/RUSTSEC-0000-0000.toml
@@ -0,0 +1,31 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "once_cell"
+
+date = "2019-09-01"
+
+title = "Panic during initialization of Lazy<T> might trigger undefined behavior"
+
+description = """
+If during the first dereference of Lazy<T> the initialization function panics,
+subsequent derefernces will execute `std::hints::unreachable_unchecked`.
+
+Applications with `panic = "abort"` are not affected, as there will be no
+subsequent dereferences.
+"""
+
+patched_versions = [">= 1.0.1"]
+
+unaffected_versions = ["< 0.2.5"]
+
+url = "https://github.com/matklad/once_cell/issues/46"
+
+keywords = ["undefined_behavior"]
+
+affected_functions = [
+    "once_cell::unsync::Lazy::force",
+    "once_cell::unsync::Lazy::deref",
+    "once_cell::sync::Lazy::force",
+    "once_cell::sync::Lazy::deref",
+]