From 9cd2504f399630fb49359ba110901048f64213f4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 30 Oct 2020 19:55:47 -0400 Subject: [PATCH] Assigned RUSTSEC-2020-0059 to futures-util (#456) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- ...TSEC-0000-0000.md => RUSTSEC-2020-0059.md} | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) rename crates/futures-util/{RUSTSEC-0000-0000.md => RUSTSEC-2020-0059.md} (94%) diff --git a/crates/futures-util/RUSTSEC-0000-0000.md b/crates/futures-util/RUSTSEC-2020-0059.md similarity index 94% rename from crates/futures-util/RUSTSEC-0000-0000.md rename to crates/futures-util/RUSTSEC-2020-0059.md index dead199b9..d080143fc 100644 --- a/crates/futures-util/RUSTSEC-0000-0000.md +++ b/crates/futures-util/RUSTSEC-2020-0059.md @@ -1,24 +1,24 @@ -```toml -[advisory] -id = "RUSTSEC-0000-0000" -package = "futures-util" -date = "2020-10-22" -url = "https://github.com/rust-lang/futures-rs/issues/2239" -categories = ["memory-corruption"] -keywords = ["concurrency", "memory-corruption", "memory-management"] - -[affected] -functions = { "futures_util::lock::MutexGuard::map" = [">= 0.3.2"] } - -[versions] -patched = [">= 0.3.7"] -unaffected = ["< 0.3.2"] -``` - -# MutexGuard::map can cause a data race in safe code -Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. - -This could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T. - -The issue was fixed by fixing `Send` and `Sync` implementations, and by adding a `PhantomData<&'a mut U>` marker to the `MappedMutexGuard` type to tell the compiler that the guard is over -U too. +```toml +[advisory] +id = "RUSTSEC-2020-0059" +package = "futures-util" +date = "2020-10-22" +url = "https://github.com/rust-lang/futures-rs/issues/2239" +categories = ["memory-corruption"] +keywords = ["concurrency", "memory-corruption", "memory-management"] + +[affected] +functions = { "futures_util::lock::MutexGuard::map" = [">= 0.3.2"] } + +[versions] +patched = [">= 0.3.7"] +unaffected = ["< 0.3.2"] +``` + +# MutexGuard::map can cause a data race in safe code +Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. + +This could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T. + +The issue was fixed by fixing `Send` and `Sync` implementations, and by adding a `PhantomData<&'a mut U>` marker to the `MappedMutexGuard` type to tell the compiler that the guard is over +U too.