RUSTSEC-2020-0037: crayon: Misbehaving `HandleLike` implementation can lead to memory safety violation

Description

Unsafe code in ObjectPool has time-of-check to time-of-use (TOCTOU) bug that can eventually lead to a memory safety violation. ObjectPool and HandlePool implicitly assumes that HandleLike trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since HandleLike is a safe, public trait that allows a custom implementation.

More Info

https://github.com/shawnscode/crayon/issues/87

Patched Versions