RUSTSEC-2020-0126

SyncChannel can move 'T: !Send' to other threads

Issued
Package
signal-simple (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
  • thread-safety
Details
https://github.com/kitsuneninetails/signal-rust/issues/2
Patched
no patched versions

Description

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel<T>. SyncChannel<T> doesn't provide access to &T but merely serves as a channel that consumes and returns owned T.

Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs. Using T = Arc<Cell<_> allows to create data races (which can lead to memory corruption), and using T = MutexGuard<T> allows to unlock a mutex from a thread that didn't lock the mutex.

More