RUSTSEC-2020-0102

LateStatic has incorrect Sync bound

Issued
Package
late-static (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
  • thread-safety
Aliases
Details
https://github.com/Richard-W/late-static/issues/1
Patched
  • >=0.4.0

Description

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync (e.g. Cell<T>).

This can result in a memory corruption or other kinds of undefined behavior.

The flaw was corrected in commit 11f396c by replacing the T: Send bound to T: Sync bound in the Sync impl for LateStatic<T>.

More