OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e4db05abcf230899dbe46983bb4b4e76074e637
advisory-db/crates/signal-simple/RUSTSEC-2020-0126.md
Yechan Bae a19397dee4 Add thread-safety category to relevant bugs
2021-01-30 23:02:50 -05:00

795 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0126"
package = "signal-simple"
date = "2020-11-15"
url = "https://github.com/kitsuneninetails/signal-rust/issues/2"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = []

SyncChannel can move 'T: !Send' to other threads

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel<T>. SyncChannel<T> doesn't provide access to &T but merely serves as a channel that consumes and returns owned T.

Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs. Using T = Arc<Cell<_> allows to create data races (which can lead to memory corruption), and using T = MutexGuard<T> allows to unlock a mutex from a thread that didn't lock the mutex.