RUSTSEC-2018-0018

smallvec creates uninitialized value of any type

Issued
Package
smallvec (crates.io)
Type
Unsound
Details
https://github.com/servo/rust-smallvec/issues/126
Patched
  • >=0.6.13

Description

Affected versions of this crate called mem::uninitialized() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null and thus may not remain uninitialized).

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

More