Add advisory for data race in ruspiro-singleton
ammaraskar committed Jan 22, 2021
1 parent c6a1282 commit f7307c1
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions crates/ruspiro-singleton/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "ruspiro-singleton"
date = "2020-11-16"
url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10"
categories = ["memory-corruption"]
keywords = ["concurrency"]

[versions]
patched = [">= 0.4.1"]
```

# Singleton lacks bounds on Send and Sync.

`Singleton<T>` is meant to be a static object that can be initialized lazily. In
order to satisfy the requirement that `static` items must implement `Sync`,
`Singleton` implemented both `Sync` and `Send` unconditionally.

This allows for a bug where non-`Sync` types such as `Cell` can be used in
singletons and cause data races in concurrent programs.

The flaw was corrected in commit `b0d2bd20e` by adding trait bounds, requiring
the contaiend type to implement `Sync`.
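
Review bot: In the last paragraph of the description, "contaiend" should be "contained", and the sentence names only a `Sync` bound although the first paragraph says `Singleton` implemented both `Sync` and `Send` unconditionally. State which bound was added to each impl, so a reader can tell whether the `Send` side is also covered by `patched = [">= 0.4.1"]`. The `url` field points at `github.com`; confirm that is the intended host for the upstream issue link.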
