OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 01:00:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for double-free in sys-info

Browse Source
This commit is contained in:
ABGH, C
2021-01-19 16:27:16 -06:00
parent 6a17b914ad
commit ad82bc5daa
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
crates/sys-info/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,27 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "sys-info"
date = "2020-01-19"
url = "https://github.com/FillZpp/sys-info-rs/issues/63"
categories = ["memory-corruption"]
keywords = ["concurrency", "double free"]
[versions]
patched = []
unaffected = []
[affected]
os = ["linux"]
functions = { "sys_info::disk_info" = ["<= 0.1.1"] }
```
# Double free when calling `sys_info::disk_info` from multiple threads
Affected versions of `sys-info` use a static, global, list to store temporary disk information while running. The function that cleans up this list,
`DFCleanup`, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment.
This results in consistent double-frees and segfaults when calling `sys_info::disk_info` from multiple threads at once.
## Safer Alternatives:
- [`sysinfo`](https://crates.io/crates/sysinfo)