add smallvec unsoundness (#337)

rustsec · Jul 24, 2020 · fca3269 · fca3269
1 parent 9ad6be8
commit fca3269
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/crates/smallvec/RUSTSEC-0000-0000.toml b/crates/smallvec/RUSTSEC-0000-0000.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "smallvec"
+date = "2018-09-25"
+informational = "unsound"
+
+title = "smallvec creates uninitialized value of any type"
+url = "https://github.com/servo/rust-smallvec/issues/126"
+
+description = """
+Affected versions of this crate called `mem::uninitialized()` to create values of a user-supplied type `T`.
+This is unsound e.g. if `T` is a reference type (which must be non-null and thus may not remain uninitialized).
+ 
+The flaw was corrected by avoiding the use of `mem::uninitialized()`, using `MaybeUninit` instead.
+"""
+
+[versions]
+patched = [">= 0.6.13"]