Add advisory for multiple issues in cgc

rustsec · Mar 26, 2021 · c8604c2 · c8604c2
1 parent ca8a60b
commit c8604c2
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/crates/cgc/RUSTSEC-0000-0000.md b/crates/cgc/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "cgc"
+date = "2020-12-10"
+url = "https://github.com/playXE/cgc/issues/5"
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "aliasing", "concurrency"]
+
+[versions]
+patched = []
+```
+
+# Multiple soundness issues in `Ptr`
+
+Affected versions of this crate have the following issues:
+
+1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data
+   races by sending non-thread safe types across threads.
+
+2. `Ptr::get` violates mutable alias rules by returning multiple mutable
+   references to the same object.
+
+3. `Ptr::write` uses non-atomic writes to the underlying pointer. This means
+   that when used across threads it can lead to data races.