Affected versions of this crate were using a debug assertion to validate the
last parameter of
partial_sort(). This would allow invalid inputs to cause
an out-of-bounds read instead of immediately panicking, when compiled without
All writes are bounds-checked, so the out-of-bounds memory access is read-only.
This also means that the first attempted out-of-bounds write will panic,
limiting the possible reads.
The accessible region is further limited by an initial bounds-checked read
(last / 2) - 1, i.e., it is proportional to the size of the vector.
This bug has been fixed in v0.2.0.
Advisory available under CC0-1.0