{"id":"RUSTSEC-2024-0018","summary":"ObjectPool creates uninitialized memory when freeing objects","details":"As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its\ntype parameter when it attempts to free an object, and swaps it into the storage. This\ncauses instant undefined behavior due to reading the uninitialized memory in order to\nwrite it to the pool storage.\n\nExtremely basic usage of the crate can trigger this issue, e.g. this code from a doctest:\n\n```rust\nuse crayon::prelude::*;\napplication::oneshot().unwrap();\n\nlet mut params = MeshParams::default();\n\nlet mesh = video::create_mesh(params, None).unwrap();\n\n// Deletes the mesh object.\nvideo::delete_mesh(mesh); // \u003c-- UB\n```\n\nThe Clippy warning for this code was silenced in commit c2fde19caf6149d91faa504263f0bc5cafc35de5.\n\nDiscovered via https://asan.saethlin.dev/ub?crate=crayon&version=0.7.1","aliases":["GHSA-xfhw-6mc4-mgxf"],"modified":"2024-04-11T16:41:43.882509Z","published":"2024-02-27T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/crayon"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0018.html"},{"type":"REPORT","url":"https://github.com/shawnscode/crayon/issues/109"}],"affected":[{"package":{"name":"crayon","ecosystem":"crates.io","purl":"pkg:cargo/crayon"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.6.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["crayon::utils::object_pool::ObjectPool\u003cH,T\u003e::free"]},"affected_functions":null},"database_specific":{"categories":["memory-corruption"],"cvss":null,"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0018.json"}}],"schema_version":"1.7.3"}