nanorand tls_rand aliased mutable references (#1051)

* nanorand `tls_rand` aliased mutable references

* `TlsWyRand`, not `TlsRand`

* Add report title

whoops

* Remove invalid category

* add URL

* "UB" -> "undefined behavior"

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Cyborus04
2021-09-23 16:25:05 -04:00
committed by GitHub
parent d5c7ae1c71
commit a4b1d48e55


@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "nanorand"
date = "2021-09-23"
url = "https://github.com/Absolucy/nanorand-rs/issues/28"
keywords = ["memory-safety", "aliasing"]
[versions]
patched = [">= 0.6.1"]
unaffected = ["< 0.5.0"]
[affected]
functions = { "nanorand::tls::tls_rand" = [">= 0.5.0", "<= 0.6.0"] }
```
# Aliased mutable references from `tls_rand` & `TlsWyRand`
`TlsWyRand`'s implementation of `Deref` unconditionally dereferences a raw pointer, and returns
multiple mutable references to the same object, which is undefined behavior.
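
Review bot: the `[affected]` table lists only `nanorand::tls::tls_rand`, while the title and the description place the defect in `TlsWyRand`'s `Deref` implementation, and nothing in the text connects the two. Add a sentence to the description saying how `tls_rand` relates to `TlsWyRand`, so that someone matching on the function path can see why that function is the affected item. The description also stops at "which is undefined behavior" without telling users what to do; a closing line pointing at the fixed release from `patched = [">= 0.6.1"]` would make the advisory actionable on its own.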