Fixes API soundness issue in join()

[Qwaz]

Fixes #80335

[rust-highfive]

r? @joshtriplett

(rust-highfive has picked a reviewer for you, use r? to override)

[Dylan-DPC-zz]

@joshtriplett any updates?

[joshtriplett]

One nit regarding updating an adjacent comment. r=me with that fixed.

[Qwaz]

I'm not familiar with rustbot commands, so I'm not sure I'm doing this correctly 😅

r=@joshtriplett

[Qwaz]

@bors r=@joshtriplett

[bors]

@Qwaz: 🔑 Insufficient privileges: Not in reviewers

[Qwaz]

@Dylan-DPC @joshtriplett It seems that I don't have permission to run r= commands. Could you check again?

[JohnTitor]

@bors r=joshtriplett

[bors]

📌 Commit 26a6270 has been approved by joshtriplett

[bors]

⌛ Testing commit 26a6270 with merge 5208f63...

[bors]

☀️ Test successful - checks-actions
Approved by: joshtriplett
Pushing 5208f63 to master...

[cuviper]

This PR was cited as the fix for CVE-2020-36323, so I'm nominating it for beta.

[JohnTitor]

The CVE description says:

In the standard library in Rust before 1.50.3

I'm not sure I'm following it correctly but it doesn't seem correct for me. It should be "before 1.52.0" if we backport this to beta?

[cuviper]

I expect they meant 1.53.0, and yes that should become 1.52.0 if we backport.

[JohnTitor]

@cuviper Thanks for checking, is there a way to correct it by our hand? Nvm, I found it and sent an update request: https://cve.mitre.org/cve/update_cve_records.html

[cuviper]

@Qwaz I believe you were involved in filing the recent CVEs -- do you have a way to make such updates?

[Qwaz]

Nvm, I found it and sent an update request: https://cve.mitre.org/cve/update_cve_records.html

This is the official way that I know.

[wesleywiser]

We discussed this in the compiler team triage meeting this morning and decided to approve the backport.