-
-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ButtplugFutureStateShared allows data race to (!Send|!Sync) objects #225
Comments
P.S. I used |
Thanks for the heads up! I'll check this out ASAP. :D |
Is If that's the case, these two unsafe lines can be removed entirely. The compiler will automatically apply the correct bound. |
After removing the Below is a snapshot from the documentation I built locally after removing the two |
Hello 🦀,
we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.
Issue (Describe the bug)
Send
/Sync
are unconditionally implemented forButtplugFutureStateShared
,and thus it is possible to cause a data race to a (
!Send
|!Sync
) object.Proof of Concept (Actual behavior)
Below is an example program that segfaults while using
ButtplugFutureStateShared
.Segmentation fault was observed when the program was built with
rustc 1.49.0-nightly
inDebug
mode (onUbuntu 18.04
).The program below allows two threads to concurrently access the same
Cell
(one thread writes to
Cell
while the other thread reads fromCell
).Suggested Solution
Adding
T: Send
bound to theSend
impl &T:Sync
bound to theSync
impl canprevent code like the above to be revoked by the compiler.
Thank you for reviewing this issue 🦀
The text was updated successfully, but these errors were encountered: