From 3205a0919e692a406dc5e95ffa777199141869fa Mon Sep 17 00:00:00 2001
From: JOE1994 <joseph942010@gmail.com>
Date: Sun, 7 Mar 2021 00:29:24 -0500
Subject: [PATCH] Report 0090-endian_trait to RustSec

---
 crates/endian_trait/RUSTSEC-0000-0000.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 crates/endian_trait/RUSTSEC-0000-0000.md

diff --git a/crates/endian_trait/RUSTSEC-0000-0000.md b/crates/endian_trait/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..d1f3180
--- /dev/null
+++ b/crates/endian_trait/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "endian_trait"
+date = "2021-01-04"
+url = "https://gitlab.com/myrrlyn/endian_trait/-/issues/1"
+categories = ["memory-corruption"]
+
+[versions]
+patched = []
+```
+
+# panic in user-provided `Endian` impl triggers double drop of T
+
+Affected versions of the crate does not guard against panic from user-provided impl of `Endian` trait, which is a safe trait that users can implement.
+If a user-provided implementation of the `Endian` trait panics, double-drop is triggered due to the duplicated ownership of `T` created by `ptr::read()`.
+
+Double-drop (or double free) can cause memory corruption in the heap.