RUSTSEC-2018-0018
smallvec creates uninitialized value of any type
- Reported
- Issued
- Package
- smallvec (crates.io)
- Type
- INFO Unsound
- Aliases
- References
- Patched
-
>=0.6.13
Description
Affected versions of this crate called mem::uninitialized()
to create values of a user-supplied type T
.
This is unsound e.g. if T
is a reference type (which must be non-null and thus may not remain uninitialized).
The flaw was corrected by avoiding the use of mem::uninitialized()
, using MaybeUninit
instead.
Advisory available under CC0-1.0 license.