rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Assigned RUSTSEC-2023-0087 to simd-json-derive (#2126)

Browse Source 
Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2024-11-10 16:02:31 +01:00
committed by GitHub
parent 3a569e8fa6
commit a3e809f6e4
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.duplicate-id-guard
View File

@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
7c4dd59d9b0c868406fb44dbd1232b8e9085a5a863794b986a8cbd9ccac8b49c -
bce67f0e5542ba57284b5f5636ac4da80340ff92fb47da55ed7992d89499f3ac -

4
crates/simd-json-derive/RUSTSEC-0000-0000.md → crates/simd-json-derive/RUSTSEC-2023-0087.md
View File

@@ -1,7 +1,7 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2023-0087"
package = "simd-json-derive"
@@ -25,4 +25,4 @@ patched = [">= 0.12.0"]
An invalid use of `MaybeUninit::uninit().assume_init()` in `simd-json-derive`'s derive macro can cause undefined behavior. The original code used `MaybeUninit` to avoid initialisation of the struct and then set the fields using `ptr::write`. The undefined behavior triggered by this misuse of `MaybeUninit` can lead to invlaid memory access and panics in binaries compiled in release mode (aka simd-json-derive prior to version 0.12 has UB and optimizes into some nonsense)
The `0.12.0` removes this section of code, avoiding the use of MaybeUninit alltogether.
The `0.12.0` removes this section of code, avoiding the use of MaybeUninit alltogether.