Add advisory for data race fix in futures-util (#455)

rustsec · Oct 30, 2020 · a36b118 · a36b118
1 parent 09a8d7b
commit a36b118
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/crates/futures-util/RUSTSEC-0000-0000.md b/crates/futures-util/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "futures-util"
+date = "2020-10-22"
+url = "https://github.com/rust-lang/futures-rs/issues/2239"
+categories = ["memory-corruption"]
+keywords = ["concurrency", "memory-corruption", "memory-management"]
+
+[affected]
+functions = { "futures_util::lock::MutexGuard::map" = [">= 0.3.2"] }
+
+[versions]
+patched = [">= 0.3.7"]
+unaffected = ["< 0.3.2"]
+```
+
+# MutexGuard::map can cause a data race in safe code
+Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.
+
+This could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.
+
+The issue was fixed by fixing `Send` and `Sync` implementations, and by adding a `PhantomData<&'a mut U>` marker to the `MappedMutexGuard` type to tell the compiler that the guard is over
+U too.