OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 01:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Report 0048-ticketed_lock to RustSec

Browse Source
This commit is contained in:
JOE1994
2021-01-24 20:19:27 -05:00
parent 0290f2ba88
commit a4abf5bb3f
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
crates/ticketed_lock/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "ticketed_lock"
date = "2020-11-17"
url = "https://github.com/kvark/ticketed_lock/issues/7"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.3.0"]
```
# ReadTicket and WriteTicket should only be sendable when T is Send
Affected versions of this crate unconditionally implemented `Send` for `ReadTicket<T>` & `WriteTicket<T>`.
This allows to send non-Send `T` to other threads.
This can allows creating data races by cloning types with internal mutability and sending them to other threads (as `T` of `ReadTicket<T>`/`WriteTicket<T>`). Such data races can cause memory corruption or other undefined behavior.
The flaw was corrected in commit a986a93 by adding `T: Send` bounds to `Send` impls of `ReadTicket<T>`/`WriteTicket<T>`.