heim-rs / heim

Cross-platform async library for system information fetching 🦀
https://heim-rs.github.io/
Apache License 2.0
902 stars 95 forks source link

RUSTSEC-2021-0072: Task dropped in wrong thread when aborting `LocalSet` task #338

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Task dropped in wrong thread when aborting LocalSet task

Details
Package tokio
Version 0.3.7
URL https://github.com/tokio-rs/tokio/issues/3929
Date 2021-07-07
Patched versions >=1.5.1, <1.6.0,>=1.6.3, <1.7.0,>=1.7.2, <1.8.0,>=1.8.1
Unaffected versions <0.3.0

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.

See advisory page for additional details.