Affected versions of scratchpad
used ptr::read
to read elements while
calling a user provided function f
on them.
Since the pointer read duplicates ownership, a panic inside the user provided
f
function could cause a double free when unwinding.
The flaw was fixed in commit 891561bea
by removing the unsafe block and using
a plain iterator.
{ "license": "CC0-1.0" }