OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 08:40:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Report 0031-abox to RustSec

Browse Source
This commit is contained in:
JOE1994
2021-01-25 10:44:44 -05:00
parent 2f59446902
commit d88f06e253
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/abox/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "abox"
date = "2020-11-10"
url = "https://github.com/SonicFrog/abox/issues/1"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.4.1"]
```
# AtomicBox<T> implements Send/Sync for any `T: Sized`
Affected versions of this crate implements `Send`/`Sync` for `AtomicBox<T>` without requiring `T: Send`/`T: Sync`. This allows to create data races to `T: !Sync` and send `T: !Send` to another thread.
Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined behavior using safe Rust (e.g. memory corruption from data race).
The flaw was corrected in commit 34c2b9e by adding trait bound `T: Send` to `Send` impl for `AtomicBox<T>` and trait bound `T: Sync` to `Sync` impl for `AtomicBox<T>`.