RUSTSEC-2021-0018

insert_slice_clone can double drop if Clone panics.

Issued
Package
qwutils (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/qwertz19281/rust_utils/issues/3
Patched
  • >=0.3.1
Keywords
  • memory-safety
  • double-free
Affected Functions (Version)
qwutils::imp::vec::VecExt::insert_slice_clone
  • <0.3.1

Description

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. While ownership was temporarily duplicated by this copy, the function called the clone method of a user-provided element.

This issue can result in an element being double-freed if the clone call panics.

Commit 20cb73d fixed this issue by adding a set_len(0) call before operating on the vector to avoid dropping the elements during a panic.
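The set_len(0) pattern described above, shown as an added example that is not the code from qwutils or from commit 20cb73d. The function body, the Probe type and the run helper are hypothetical and constructed for illustration. With a clone that panics, the Vec is left empty and its elements are leaked rather than dropped twice.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::{cell::Cell, ptr, rc::Rc};

// Hypothetical stand-in for the patched function; not the code from qwutils.
fn insert_slice_clone<T: Clone>(v: &mut Vec<T>, index: usize, src: &[T]) {
    let (len, n) = (v.len(), src.len());
    assert!(index <= len, "index out of bounds");
    v.reserve(n);
    unsafe {
        // Hide all elements from Vec's Drop before any ownership is duplicated.
        v.set_len(0);
        let p = v.as_mut_ptr().add(index);
        // Shift the tail right by n; slots index.. now alias the moved elements.
        ptr::copy(p, p.add(n), len - index);
        for (i, item) in src.iter().enumerate() {
            ptr::write(p.add(i), item.clone()); // user code, may panic
        }
        v.set_len(len + n); // reached only if every clone succeeded
    }
}

// Constructed probe type: counts drops and panics in clone() when `bomb` is set.
struct Probe { id: u32, bomb: bool, drops: Rc<Cell<u32>> }
impl Clone for Probe {
    fn clone(&self) -> Self {
        if self.bomb { panic!("clone failed"); }
        Probe { id: self.id, bomb: false, drops: self.drops.clone() }
    }
}
impl Drop for Probe {
    fn drop(&mut self) { self.drops.set(self.drops.get() + 1); }
}

// Inserts a probe at index 1 of a 4-element Vec; returns (ids left, drops seen on Vec teardown).
fn run(bomb: bool) -> (Vec<u32>, u32) {
    let drops = Rc::new(Cell::new(0));
    let mk = |id: u32, bomb: bool| Probe { id, bomb, drops: drops.clone() };
    let mut v: Vec<Probe> = (1..=4).map(|id| mk(id, false)).collect();
    let src = [mk(9, bomb)];
    let _ = catch_unwind(AssertUnwindSafe(|| insert_slice_clone(&mut v, 1, &src)));
    let ids = v.iter().map(|p| p.id).collect();
    drop(v);
    (ids, drops.get())
}

fn main() {
    println!("clean: {:?}, panicking clone: {:?}", run(false), run(true));
}
```

If the set_len(0) line is removed, the panicking case leaves the length at 4 while two slots hold the same element, which is the double drop this advisory describes.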
