OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #463 from RustSec/assign-ids

Browse Source 
Assigned RUSTSEC-2020-0062 to futures-util
This commit is contained in:
Sergey "Shnatsel" Davidoff
2020-10-31 14:17:37 +01:00
committed by GitHub
parent 529c111e43 52cd103576
commit a0e59ff2f8
1 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
crates/futures-util/RUSTSEC-0000-0000.md → crates/futures-util/RUSTSEC-2020-0062.md
View File

@@ -1,25 +1,25 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "futures-util"
date = "2020-01-24"
url = "https://github.com/rust-lang/futures-rs/issues/2050"
categories = ["memory-corruption"]
keywords = ["concurrency", "memory-corruption", "memory-management"]
[affected]
functions = { "futures_util::stream::FuturesUnordered" = [">= 0.3.0"] }
[versions]
patched = [">= 0.3.2"]
unaffected = ["< 0.3.0"]
```
# Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Affected versions of the crate had an unsound `Sync` implementation on the `FuturesUnordered` structure, which used a `Cell` for
interior mutablity without any code to handle synchronized access to the underlying task list's length and head safely.
This could of lead to data corruption since two threads modifying the list at once could see incorrect values due to the lack
of access synchronization.
The issue was fixed by adding access synchronization code around insertion of tasks into the list.
```toml
[advisory]
id = "RUSTSEC-2020-0062"
package = "futures-util"
date = "2020-01-24"
url = "https://github.com/rust-lang/futures-rs/issues/2050"
categories = ["memory-corruption"]
keywords = ["concurrency", "memory-corruption", "memory-management"]
[affected]
functions = { "futures_util::stream::FuturesUnordered" = [">= 0.3.0"] }
[versions]
patched = [">= 0.3.2"]
unaffected = ["< 0.3.0"]
```
# Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Affected versions of the crate had an unsound `Sync` implementation on the `FuturesUnordered` structure, which used a `Cell` for
interior mutablity without any code to handle synchronized access to the underlying task list's length and head safely.
This could of lead to data corruption since two threads modifying the list at once could see incorrect values due to the lack
of access synchronization.
The issue was fixed by adding access synchronization code around insertion of tasks into the list.