rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Assigned RUSTSEC-2025-0054 to array-queue

Browse Source
This commit is contained in:
djc
2025-09-01 12:54:22 +00:00
committed by Dirkjan Ochtman
parent ad75531bdb
commit 97dec1d752
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.duplicate-id-guard
View File

@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
9a01a60d704d21710008e1cbda0135d3ab4b33923d77f677c5d11f1450f9eec4 -
4bbdcd2e09b19b1bf445893cb61fbaf2d3346bf65b37eef11fcff6f599497294 -

4
crates/array-queue/RUSTSEC-0000-0000.md → crates/array-queue/RUSTSEC-2025-0054.md
View File

@@ -1,6 +1,6 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2025-0054"
package = "array-queue"
date = "2025-08-14"
@@ -22,4 +22,4 @@ The safe API `array_queue::ArrayQueue::push_front` can lead to deallocating unin
Specifically, `push_front` receives an argument that is intended to be cloned and pushed, whose type implements the `Clone` trait. Furthermore, the method updates the queue's `start` index before initializing the slot for the newly pushed element. User-defined implementations of `Clone` may include a `clone` method that can panic. If such a panic occurs during initialization, the structure is left with an advanced `start` index pointing to an uninitialized slot. When `ArrayQueue` is later dropped, its destructor treats that slot as initialized and attempts to drop it, resulting in an attempt to free uninitialized memory.
The bug was fixed in commit `728fe1b`.
The bug was fixed in commit `728fe1b`.