From ba83b81ec41fb269ddbe2bad835fce737dc6d1e4 Mon Sep 17 00:00:00 2001 From: Taiki Endo Date: Sun, 11 Oct 2020 16:57:44 +0900 Subject: [PATCH] Add advisory for UB in crossbeam-channel 0.4.3 --- crates/crossbeam-channel/RUSTSEC-0000-0000.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 crates/crossbeam-channel/RUSTSEC-0000-0000.md diff --git a/crates/crossbeam-channel/RUSTSEC-0000-0000.md b/crates/crossbeam-channel/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..f2d6691 --- /dev/null +++ b/crates/crossbeam-channel/RUSTSEC-0000-0000.md @@ -0,0 +1,15 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "crossbeam-channel" +date = "2020-06-26" +url = "https://github.com/crossbeam-rs/crossbeam/pull/533" + +[versions] +patched = [">= 0.4.4"] +unaffected = ["< 0.4.3"] +``` + +# Undefined Behavior in bounded channel + +The affected version of this crate's the `bounded` channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements.