HistoryEdit

RUSTSEC-2021-0053

'merge_sort::merge()' crashes with double-free for T: Drop

Reported
Issued
Package
algorithmica (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/AbrarNitk/algorithmica/issues/1
Patched
no patched versions

Description

In the affected versions of this crate, merge_sort::merge() wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking merge_sort::merge() on Vec<T: Drop> can cause double free bugs.