You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
use std::cell::Cell;use try_lock::{Locked,TryLock};// run in debug mode for clearly visible UBfnmain(){let cell = Cell::new(Ok::<&[usize],&[()]>(&[]));let lock = TryLock::new(cell);// now this guard is `Sync`!let guard:Locked<'_,Cell<_>> = lock.try_lock().unwrap();let bad_slice = std::thread::scope(|s| {let handle = s.spawn(|| {// now we got a shared `&Cell` into another thread!let r:&Cell<_> = &guard;// racey-race…loop{let s = r.get();ifletOk(v) = s {if !v.is_empty(){break v;}}}});let r:&Cell<_> = &guard;// racey-race…loop{
r.set(Ok(&[]));
r.set(Err(&[(); usize::MAX]));if handle.is_finished(){break;}}
handle.join().unwrap()});println!("Here’s all your memory :-)\n{bad_slice:?}");}
The text was updated successfully, but these errors were encountered:
Ah, there was a PR already.. I didn't look at PRs when reporting this, so I wasn't aware ;-)
However, the bounds are overly restrictive now, which might be problematic, since this is a semver-minor version bump, so better introduce only as little breakage as necessary for fixing soundness. The Send implementation should be bound on T: Send and the Sync one on T: Sync.
This can be achieved by adding a set of manual unsafe impls.
As documented we have:
which is incorrect. It needs to be
instead.
Exploitation:
The text was updated successfully, but these errors were encountered: