RUSTSEC-2020-0034 on 2020-08-25: Multiple security issues including data race, buffer overflow, and uninitialized memory drop

The arr crate contains multiple security issues. Specifically:

  1. It incorrectly implements Sync/Send bounds, which allows non-Sync/Send types to be smuggled across the thread boundary.
  2. The Index and IndexMut implementations do not check the array bounds.
  3. Array::new_from_template() drops uninitialized memory.
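
How a heap-array type avoids each of the three issue classes, as an added example that is not the arr crate's code or its fix. FixedArray and its get method are hypothetical; only the constructor name new_from_template is borrowed from the advisory, and the sketch assumes a non-empty array of a non-zero-sized T.

```rust
use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
use std::{ops::Index, ptr};

/// Hypothetical fixed-size heap array (illustration only, not the arr crate's code).
pub struct FixedArray<T> { ptr: *mut T, len: usize }

// Issue 1: forward the element's own bounds. An unconditional
// `unsafe impl<T> Send/Sync` would let Rc<_> or Cell<_> cross threads.
unsafe impl<T: Send> Send for FixedArray<T> {}
unsafe impl<T: Sync> Sync for FixedArray<T> {}

impl<T: Clone> FixedArray<T> {
    pub fn new_from_template(len: usize, template: &T) -> Self {
        assert!(len > 0 && std::mem::size_of::<T>() > 0, "sketch: non-empty, sized T only");
        let layout = Layout::array::<T>(len).expect("capacity overflow");
        let ptr = unsafe { alloc(layout) } as *mut T;
        if ptr.is_null() { handle_alloc_error(layout) }
        for i in 0..len {
            // Issue 3: ptr::write moves the value in without reading the slot.
            // `*ptr.add(i) = template.clone()` would first drop the
            // uninitialized bytes as if they were a live T.
            unsafe { ptr::write(ptr.add(i), template.clone()) };
        }
        FixedArray { ptr, len }
    }
}

impl<T> FixedArray<T> {
    pub fn get(&self, i: usize) -> Option<&T> {
        // Issue 2: compare against len before forming the element pointer.
        if i < self.len { Some(unsafe { &*self.ptr.add(i) }) } else { None }
    }
}

impl<T> Index<usize> for FixedArray<T> {
    type Output = T;
    fn index(&self, i: usize) -> &T { self.get(i).expect("index out of bounds") }
}

impl<T> Drop for FixedArray<T> {
    fn drop(&mut self) {
        unsafe {
            // Every slot was initialized in the constructor, so dropping all is sound.
            ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.ptr, self.len));
            dealloc(self.ptr as *mut u8, Layout::array::<T>(self.len).unwrap());
        }
    }
}

fn main() {
    let a = FixedArray::new_from_template(3, &String::from("x")); // constructed sample input
    println!("{} {:?}", a[2], a.get(3));
}
```

With the conditional impls, moving a FixedArray<Rc<u8>> into std::thread::spawn is rejected at compile time instead of becoming a data race on the reference count.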

CVE-2020-35886

CVE-2020-35887

CVE-2020-35888

GHSA-36xw-hgfv-jwm7

GHSA-c7fw-cr3w-wvfc

GHSA-fhvj-7f9p-w788

This crate has no reviews yet. To add a review, set up your cargo-crev.


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open arr. Alternatively, you can download the tarball of arr v0.6.1 or view the source online.