Merge pull request #846 from ammaraskar/slice-deque

Report double-free in slice-deque
rustsec · Mar 30, 2021 · e60d4aa · e60d4aa
2 parents 7794fa1 + 727cea2
commit e60d4aa
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/crates/slice-deque/RUSTSEC-0000-0000.md b/crates/slice-deque/RUSTSEC-0000-0000.md
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "slice-deque"
+date = "2021-02-19"
+url = "https://github.com/gnzlbg/slice_deque/issues/90"
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# SliceDeque::drain_filter can double drop an element if the predicate panics
+
+Affected versions of the crate incremented the current index of the drain filter
+iterator *before* calling the predicate function `self.pred`.
+
+If the predicate function panics, it is possible for the last element in the
+iterator to be dropped twice.