RUSTSEC-2021-0039 on 2021-01-04: panic in user-provided Endian impl triggers double drop of T

Affected versions of the crate do not guard against a panic from a user-provided impl of the Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, a double drop is triggered due to the duplicated ownership of T created by ptr::read().

Double-drop (or double free) can cause memory corruption in the heap.

CVE-2021-29929

GHSA-vpw8-43wm-rxw5
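The pattern the advisory describes, next to a panic-safe alternative, as an added example that is not the crate's own code. The trait `Flip`, the `Probe` type and the function names are hypothetical stand-ins; `Probe` only counts drops, so the extra drop is visible in a counter.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering};

// Hypothetical stand-in for a safe trait that users can implement.
trait Flip: Sized {
    fn flip(self) -> Self;
}

// Constructed probe: counts drops and owns no heap memory, so an extra
// drop shows up in the counter instead of corrupting the allocator.
struct Probe<'a>(&'a AtomicUsize);
impl Drop for Probe<'_> {
    fn drop(&mut self) {
        self.0.fetch_add(1, Ordering::SeqCst);
    }
}
impl Flip for Probe<'_> {
    fn flip(self) -> Self {
        panic!("user-provided impl panics while it owns self");
    }
}

// Pattern from the advisory: ptr::read() duplicates ownership of the
// element. If flip() unwinds, the copy is dropped and so is the original.
fn flip_all_unguarded<T: Flip>(mut v: Vec<T>) -> Vec<T> {
    for slot in v.iter_mut() {
        unsafe { ptr::write(slot, ptr::read(slot).flip()) }
    }
    v
}

// Panic-safe alternative: move each element out exactly once.
fn flip_all_owned<T: Flip>(v: Vec<T>) -> Vec<T> {
    v.into_iter().map(T::flip).collect()
}

// Runs one variant over three probes and returns the total drop count.
fn count_drops(unguarded: bool) -> usize {
    let drops = AtomicUsize::new(0);
    let v = vec![Probe(&drops), Probe(&drops), Probe(&drops)];
    let run = || if unguarded { flip_all_unguarded(v) } else { flip_all_owned(v) };
    drop(catch_unwind(AssertUnwindSafe(run)));
    drops.load(Ordering::SeqCst)
}

fn main() {
    println!("unguarded: {} drops for 3 values", count_drops(true));
    println!("owned:     {} drops for 3 values", count_drops(false));
}
```

With a `T` that owns heap memory, such as `String` or `Box`, the extra drop in the unguarded variant is a double free.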

This crate has no reviews yet. To add a review, set up your cargo-crev.


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open endian_trait. Alternatively, you can download the tarball of endian_trait v0.6.0 or view the source online.