search

feather-rs / feather

A Minecraft server implementation in Rust
Apache License 2.0
2.58k stars 142 forks source link

UnsafeSendSync/ThreadPinned<T>: Data race allowed on T #557

Open kuzeyardabulut opened 11 months ago

kuzeyardabulut commented 11 months ago

Hi, I found a memory-safety/soundness issue in this crate while scanning Rust code for potential vulnerabilities. This PR contains a fix for the issue.

Issue Description

ThreadPinned<T> unconditionally implements Sync. This allows users to create data races on T: !Sync. Such data races can lead to undefined behavior.

https://github.com/feather-rs/feather/blob/2f99d76aaad022e65550c88594b7b9b259503c16/feather/plugin-host/src/thread_pinned.rs#L44-L45

same https://github.com/feather-rs/feather/blob/2f99d76aaad022e65550c88594b7b9b259503c16/feather/old/server/types/src/task.rs#L30-L31

MalbaCato commented 11 months ago

did you also pr this "fix" to std::sync::Exclusive?

kuzeyardabulut commented 11 months ago

did you also pr this "fix" to std::sync::Exclusive?

What do u mean?