From ad82bc5daa65cb281ddef9ae2d38a24f3fc824b6 Mon Sep 17 00:00:00 2001
From: "ABGH, C" <>
Date: Tue, 19 Jan 2021 16:27:16 -0600
Subject: [PATCH] Add advisory for double-free in sys-info

---
 crates/sys-info/RUSTSEC-0000-0000.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 crates/sys-info/RUSTSEC-0000-0000.md

diff --git a/crates/sys-info/RUSTSEC-0000-0000.md b/crates/sys-info/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..9a92dd3
--- /dev/null
+++ b/crates/sys-info/RUSTSEC-0000-0000.md
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "sys-info"
+date = "2020-01-19"
+url = "https://github.com/FillZpp/sys-info-rs/issues/63"
+categories = ["memory-corruption"]
+keywords = ["concurrency", "double free"]
+
+[versions]
+patched = []
+unaffected = []
+
+[affected]
+os = ["linux"]
+functions = { "sys_info::disk_info" = ["<= 0.1.1"] }
+```
+
+# Double free when calling `sys_info::disk_info` from multiple threads
+
+Affected versions of `sys-info` use a static, global, list to store temporary disk information while running. The function that cleans up this list,
+`DFCleanup`, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment.
+
+This results in consistent double-frees and segfaults when calling `sys_info::disk_info` from multiple threads at once.
+
+## Safer Alternatives:
+ - [`sysinfo`](https://crates.io/crates/sysinfo)
\ No newline at end of file