From 4fc43f9a2ac11c6e0abf1b176c6e0a1c138be840 Mon Sep 17 00:00:00 2001 From: JOE1994 Date: Tue, 19 Jan 2021 22:48:04 -0500 Subject: [PATCH] Report 0056-gfwx to RustSec --- crates/gfwx/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 crates/gfwx/RUSTSEC-0000-0000.md diff --git a/crates/gfwx/RUSTSEC-0000-0000.md b/crates/gfwx/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..0808952 --- /dev/null +++ b/crates/gfwx/RUSTSEC-0000-0000.md @@ -0,0 +1,19 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "gfwx" +date = "2020-12-08" +url = "https://github.com/Devolutions/gfwx-rs/issues/7" +categories = ["memory-corruption"] + +[versions] +patched = [">= 0.3.0"] +``` + +# ImageChunkMut needs bounds on its Send and Sync traits + +In the affected versions of this crate, `ImageChunkMut<'_, T>` unconditionally implements `Send` and `Sync`, allowing to create data races. + +This can result in a memory corruption or undefined behavior when non thread-safe types are moved and referenced across thread boundaries. + +The flaw was corrected in commit e7fb2f5 by adding `T: Send` bound to the `Send` impl and adding `T: Sync` bound to the `Sync` impl.