mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-02 17:46:38 +01:00
Add advisory for data race in ruspiro-singleton
This commit is contained in:
Ammar Askar
24
crates/ruspiro-singleton/RUSTSEC-0000-0000.md
Normal file
24
crates/ruspiro-singleton/RUSTSEC-0000-0000.md
Normal file
@@ -0,0 +1,24 @@
|
||||
```toml
|
||||
[advisory]
|
||||
id = "RUSTSEC-0000-0000"
|
||||
package = "ruspiro-singleton"
|
||||
date = "2020-11-16"
|
||||
url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10"
|
||||
categories = ["memory-corruption"]
|
||||
keywords = ["concurrency"]
|
||||
|
||||
[versions]
|
||||
patched = [">= 0.4.1"]
|
||||
```
|
||||
|
||||
# Singleton lacks bounds on Send and Sync.
|
||||
|
||||
`Singleton<T>` is meant to be a static object that can be initialized lazily. In
|
||||
order to satisfy the requirement that `static` items must implement `Sync`,
|
||||
`Singleton` implemented both `Sync` and `Send` unconditionally.
|
||||
|
||||
This allows for a bug where non-`Sync` types such as `Cell` can be used in
|
||||
singletons and cause data races in concurrent programs.
|
||||
|
||||
The flaw was corrected in commit `b0d2bd20e` by adding trait bounds, requiring
|
||||
the contaiend type to implement `Sync`.
|
||||
Reference in New Issue
Block a user