forked from rustsec/advisory-db
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Crossbeam AtomicCell<*64> Soundness rustsec#1203
- Loading branch information
1 parent
474984f
commit 7cf343e
Showing
1 changed file
with
59 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
```toml | ||
[advisory] | ||
id = "RUSTSEC-0000-0000" | ||
package = "crossbeam-utils" | ||
date = "2022-02-05" | ||
informational = "unsound" | ||
categories = ["memory-corruption"] | ||
url = "https://github.com/crossbeam-rs/crossbeam/pull/781" | ||
aliases = ["GHSA-qc84-gqf4-9926"] | ||
|
||
[versions] | ||
patched = [">= 0.8.7"] | ||
``` | ||
|
||
# Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64 | ||
|
||
## Impact | ||
|
||
The affected version of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. | ||
|
||
However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. | ||
|
||
This can cause the following problems: | ||
|
||
- Unaligned memory accesses | ||
- Data race | ||
|
||
Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue. | ||
|
||
32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue. | ||
|
||
32-bit targets with Atomic{I,U}64 and {i,u}64 have the same alignment are also not affected by this issue. | ||
|
||
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-02-11) | ||
|
||
- armv7-apple-ios (tier 3) | ||
- armv7s-apple-ios (tier 3) | ||
- i386-apple-ios (tier 3) | ||
- i586-unknown-linux-gnu | ||
- i586-unknown-linux-musl | ||
- i686-apple-darwin (tier 3) | ||
- i686-linux-android | ||
- i686-unknown-freebsd | ||
- i686-unknown-haiku (tier 3) | ||
- i686-unknown-linux-gnu | ||
- i686-unknown-linux-musl | ||
- i686-unknown-netbsd (tier 3) | ||
- i686-unknown-openbsd (tier 3) | ||
- i686-wrs-vxworks (tier 3) | ||
|
||
([script to get list](https://gist.github.com/taiki-e/3c7891e8c5f5e0cbcb44d7396aabfe10)) | ||
|
||
## Patches | ||
|
||
This has been fixed in crossbeam-utils 0.8.7. | ||
|
||
Affected 0.8.x releases have been yanked. | ||
|
||
Thanks to @taiki-e |