Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add advisory for unsound Sync implementation on FuturesUnordered in futures-util
1 parent 9cd2504, commit 47bfd9f
Showing 1 changed file with 25 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
```toml | ||
[advisory] | ||
id = "RUSTSEC-0000-0000" | ||
package = "futures-util" | ||
date = "2020-01-24" | ||
url = "https://github.com/rust-lang/futures-rs/issues/2050" | ||
categories = ["memory-corruption"] | ||
keywords = ["concurrency", "memory-corruption", "memory-management"] | ||
|
||
[affected] | ||
functions = { "futures_util::stream::FuturesUnordered" = [">= 0.3.0"] } | ||
|
||
[versions] | ||
patched = [">= 0.3.2"] | ||
unaffected = ["< 0.3.0"] | ||
``` | ||
|
||
# Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption | ||
Affected versions of the crate had an unsound `Sync` implementation on the `FuturesUnordered` structure, which used a `Cell` for | ||
interior mutablity without any code to handle synchronized access to the underlying task list's length and head safely. | ||
|
||
This could of lead to data corruption since two threads modifying the list at once could see incorrect values due to the lack | ||
of access synchronization. | ||
|
||
The issue was fixed by adding access synchronization code around insertion of tasks into the list. |
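Review bot: The `functions` entry under `[affected]` uses the open-ended range `>= 0.3.0`, which overlaps `patched = [">= 0.3.2"]` in `[versions]`, so a fixed release still matches the affected-function requirement; bound it, for example `[">= 0.3.0, < 0.3.2"]`. The key also names `futures_util::stream::FuturesUnordered`, which the description calls a structure rather than a function, so confirm that a type path is what this field is meant to carry. In the prose, the title says `futures-utils` while `package` is `futures-util`, "mutablity" should be "mutability", and "could of lead" should be "could lead" or "could have led".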