GHSA-9c9f-7x9p-4wqp

Source

https://github.com/advisories/GHSA-9c9f-7x9p-4wqp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-9c9f-7x9p-4wqp/GHSA-9c9f-7x9p-4wqp.json

Aliases

• RUSTSEC-2022-0007

Published

2022-06-17T00:16:11Z

Modified

2023-11-08T04:17:51.156433Z

Details

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or a mutable reference and an immutable reference.

The fix is for the crate to internally force the marker type to be invariant. This blocks the conversion between covariant types which Rust normally allows.

References

• https://github.com/uazu/qcell/issues/20
• https://github.com/uazu/qcell
• https://rustsec.org/advisories/RUSTSEC-2022-0007.html