search

LavaGang / MelonLoader

The World's First Universal Mod Loader for Unity Games compatible with both Il2Cpp and Mono
https://discord.gg/2Wn3N2P
Apache License 2.0
2.38k stars 472 forks source link

NativeHook<T>: Data race allowed on T #504

Closed kuzeyardabulut closed 1 year ago

kuzeyardabulut commented 1 year ago

Hi, I found a memory-safety/soundness issue in this crate while scanning Rust code for potential vulnerabilities. This PR contains a fix for the issue.

Issue Description

NativeHook<T> unconditionally implements Sync. This allows users to create data races on T: !Sync. Such data races can lead to undefined behavior. https://github.com/LavaGang/MelonLoader/blob/41071711aa1b20d340196000b51f862118c736be/Bootstrap/src/hooks/mod.rs#L55-L56

RinLovesYou commented 1 year ago

thank you for this pull request, it seems like something is wrong with proc macros in the build though, i love github actions. I will investigate further

kuzeyardabulut commented 1 year ago

thank you for this pull request, it seems like something is wrong with proc macros in the build though, i love github actions. I will investigate further

Thanks for your response!