Skip to content

Commit

Permalink
Update SmallVec to 1.6.1
Browse files Browse the repository at this point in the history 
Fixes a buffer overflow: servo/rust-smallvec#252.

`spinoso-array` is not impacted because it does not use the vulnerable
`SmallVec::insert_many` API.
  • Loading branch information
@lopopolo
lopopolo committed Jan 8, 2021
1 parent c34ed16 commit cc127a4
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion spinoso-array/Cargo.toml
View file
Expand Up @@ -15,7 +15,9 @@ categories = ["data-structures", "no-std"]
[dependencies]
# 1.4.1 fixed UB when allocating zero-bytes for ZST element types.
# https://github.com/servo/rust-smallvec/releases/tag/v1.4.1
smallvec = { version = "1, >= 1.4.1", optional = true }
# 1.6.1 fixed a buffer overflow when calling `SmallVec::insert_many`.
# https://github.com/servo/rust-smallvec/issues/252
smallvec = { version = "1, >= 1.6.1", optional = true }

[features]
default = ["small-array"]
Expand Down

0 comments on commit cc127a4

Please sign in to comment.