Skip to content

Commit

Permalink
add crossbeam queue advisory
Browse files Browse the repository at this point in the history
  • Loading branch information
@RalfJung
RalfJung committed May 10, 2022
1 parent 7975ad6 commit fbfdc6c
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 0 deletions.
18 changes: 18 additions & 0 deletions crates/crossbeam-queue/RUSTSEC-0000-0000.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "crossbeam-queue"
date = "2022-05-10"
informational = "unsound"
url = "https://github.com/crossbeam-rs/crossbeam/pull/458"

[versions]
patched = [">= 0.2.3"]
```

# `SegQueue` creates zero value of any type

Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
This is unsound e.g. if `T` is a reference type (which must be non-null).

The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.
18 changes: 18 additions & 0 deletions crates/crossbeam/RUSTSEC-0000-0000.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "crossbeam"
date = "2022-05-10"
informational = "unsound"
url = "https://github.com/crossbeam-rs/crossbeam/pull/458"

[versions]
patched = [">= 0.7.0"]
```

# `SegQueue` creates zero value of any type

Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
This is unsound e.g. if `T` is a reference type (which must be non-null).

The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.

0 comments on commit fbfdc6c

Please sign in to comment.