Add Insufficient covariance check makes self_cell unsound (#1818)

rustsec · Nov 11, 2023 · 0c128ba · 0c128ba
1 parent 0f4e16f
commit 0c128ba
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/crates/self_cell/RUSTSEC-0000-0000.md b/crates/self_cell/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "self_cell"
+date = "2023-11-10"
+url = "https://github.com/Voultapher/self_cell/issues/49"
+categories = []
+keywords = ["unsound", "self_cell", "self-referential"]
+
+[versions]
+patched = [">= 0.10.3, < 1.0.0", ">= 1.0.2"]
+```
+
+# Insufficient covariance check makes self_cell unsound
+
+All public versions prior to `1.02` used an insufficient check to ensure that
+users correctly marked the dependent type as either `covariant` or
+`not_covariant`. This allowed users to mark a dependent as covariant even though
+its type was not covariant but invariant, for certain invariant types involving
+trait object lifetimes. One example for such a dependent type is `type
+Dependent<'a> = RefCell<Box<dyn fmt::Display + 'a>>`. Such a type allowed
+unsound usage in purely safe user code that leads to undefined behavior. The
+patched versions now produce a compile time error if such a type is marked as
+`covariant`.