RUSTSEC-2021-0040
on 2021-01-12: panic safety: double drop or uninitialized drop of T upon panic
This crate has no reviews yet. To add a review, set up your cargo-crev.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open arenavec. Alternatively, you can download the tarball of arenavec v0.1.1 or view the source online.
Affected versions of this crate did not guard against potential panics that may happen from user-provided functions
T::default()andT::drop().Panic within
T::default()leads to dropping uninitializedT, when it is invoked fromcommon::Slice::<T, H>::new(). Panic withinT::drop()leads to double drop ofT, when it is invoked either fromcommon::SliceVec::<T, H>::resize_with()orcommon::SliceVec::<T, H>::resize()Either case causes memory corruption in the heap memory.
CVE-2021-29930
CVE-2021-29931
GHSA-327x-39hh-65wf
GHSA-955p-rc5h-hg6h