RUSTSEC-2020-0034: arr: Multiple security issues including data race, buffer overflow, and uninitialized memory drop

Description

arr crate contains multiple security issues. Specifically,

  1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
  2. Index and IndexMut implementation does not check the array bound.
  3. Array::new_from_template() drops uninitialized memory.

More Info

https://github.com/sjep/array/issues/1

Patched Versions