RUSTSEC-2018-0018

smallvec creates uninitialized value of any type

Reported

September 25, 2018

Issued

October 2, 2020

Package

smallvec (crates.io)

Type

INFO Unsound

Details

https://github.com/servo/rust-smallvec/issues/126

Patched

>=0.6.13

Description

Affected versions of this crate called mem::uninitialized() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null and thus may not remain uninitialized).

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.