RUSTSEC-2020-0033: alg_ds: Matrix::new() drops uninitialized memory

Next: RUSTSEC-2020-0034: arr: Multiple security issues including data race, buffer overflow, and uninitialized memory drop
Previous: RUSTSEC-2020-0032: alpm-rs: StrcCtx deallocates a memory region that it doesn't own

August 25, 2020

Description

Matrix::new() internally calls Matrix::fill_with() which uses *ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.

More Info

https://gitlab.com/dvshapkin/alg-ds/-/issues/1

Patched Versions

None!