/advisory-db

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A bug in crossbeam v0.4.0 #75

Merged
merged 4 commits into from Dec 9, 2018

Conversation

Reviewers

@tarcieri tarcieri

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@stjepang @Shnatsel @tarcieri
@stjepang
Copy link
Contributor

stjepang commented Dec 9, 2018

No description provided.

@stjepang
A bug in crossbeam v0.4.0
Loading status checks…
fd45ce4

@stjepang stjepang referenced this pull request Dec 9, 2018

Merged

Use ManuallyDrop in queues #184

@Shnatsel

This comment has been minimized.

Sign in to view
Copy link

Shnatsel commented Dec 9, 2018

According to the version specification here 0.3.2 is vulnerable, and that's the most popular version right now according to crates.io download statistics: https://crates.io/crates/crossbeam

Is 0.3.2 really affected?
@stjepang
Mark < 0.4.0 as unaffected
Loading status checks…
e717bd7
@stjepang

This comment has been minimized.

Sign in to view
Copy link
Contributor

stjepang commented Dec 9, 2018

@Shnatsel I believe you're right. The bug only happened because we allowed the epoch GC to run destructors. Thanks for pointing this out!
@tarcieri

tarcieri reviewed Dec 9, 2018
View changes

crates/crossbeam/RUSTSEC-0000-0000.toml Outdated
@@ -0,0 +1,56 @@
[advisory]
# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"

This comment has been minimized.

Sign in to view
Copy link
@tarcieri

tarcieri Dec 9, 2018

Member

Can you please remove the comments? Thanks!

This comment has been minimized.

Sign in to view
Copy link
@stjepang

stjepang Dec 9, 2018

Contributor

Done.
@stjepang
Remove comments
Loading status checks…
968e127
@tarcieri

tarcieri reviewed Dec 9, 2018
View changes

Show resolved Hide resolved crates/crossbeam/RUSTSEC-0000-0000.toml Outdated
@stjepang
Add memory-corruption
Loading status checks…
e769e16
@tarcieri

This comment has been minimized.

Sign in to view
Copy link
Member

tarcieri commented Dec 9, 2018

Looks good, thanks!

@tarcieri tarcieri merged commit c0fdc45 into RustSec:master Dec 9, 2018
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

tarcieri pushed a commit that referenced this pull request Dec 9, 2018

@tony-iqlusion
Assign RUSTSEC-2018-0009 to crossbeam 
Original PR: #75
Loading status checks…
dfe93bd

@tarcieri tarcieri referenced this pull request Dec 9, 2018

Merged

Assign RUSTSEC-2018-0009 to crossbeam #76

tarcieri added a commit that referenced this pull request Dec 9, 2018

@tarcieri
Assign RUSTSEC-2018-0009 to crossbeam 
Original PR: #75
Loading status checks…
33da41e
@tarcieri

This comment has been minimized.

Sign in to view
Copy link
Member

tarcieri commented Dec 9, 2018

Assigned RUSTSEC-2018-0009 in #76

@stjepang stjepang deleted the stjepang:crossbeam-0.4.0 branch Dec 9, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment