Unsoundness in `intern` methods on `intaglio` symbol interners

Low severity GitHub Reviewed Published Jul 27, 2023 to the GitHub Advisory Database • Updated Jul 27, 2023

Package

cargo intaglio (Rust)

Affected versions

< 1.9.0

Patched versions

1.9.0

Description

Affected versions of this crate have a stacked borrows violation when creating
references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing
operations and storing interned contents by raw pointer instead of as a `Box`.
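The following sketch is an added example, not code from `intaglio`: it shows the general pattern the description names, with the unsound ordering kept as a comment and the raw-pointer form implemented. The `Interner` type, its fields and its methods are hypothetical names chosen for illustration.

```rust
use std::collections::HashMap;

// Hypothetical minimal interner (not intaglio's code); contents are owned via raw pointer.
pub struct Interner {
    map: HashMap<&'static str, u32>,
    slots: Vec<*mut str>,
}

impl Interner {
    pub fn new() -> Self { Interner { map: HashMap::new(), slots: Vec::new() } }

    pub fn intern(&mut self, s: &str) -> u32 {
        if let Some(&id) = self.map.get(s) { return id; }
        // Unsound ordering (borrow first, then move the Box), shown only as a comment:
        //   let boxed: Box<str> = s.into();
        //   let key: &'static str = unsafe { &*(&*boxed as *const str) };
        //   slots.push(boxed); // under Stacked Borrows, moving the Box invalidates `key`
        // Sound ordering: give up Box ownership first, then borrow from the raw pointer.
        let raw: *mut str = Box::into_raw(Box::<str>::from(s));
        let id = self.slots.len() as u32;
        self.slots.push(raw);
        // SAFETY: `raw` stays allocated and unmodified until Drop frees it.
        let key: &'static str = unsafe { &*raw };
        self.map.insert(key, id);
        id
    }

    pub fn get(&self, id: u32) -> Option<&str> {
        // SAFETY: every stored pointer came from Box::into_raw and is still live.
        self.slots.get(id as usize).map(|&p| unsafe { &*p })
    }
}

impl Drop for Interner {
    fn drop(&mut self) {
        self.map.clear(); // drop the fake-'static keys before freeing their targets
        for p in self.slots.drain(..) {
            // SAFETY: each pointer is freed exactly once, here.
            drop(unsafe { Box::from_raw(p) });
        }
    }
}

fn main() {
    let mut i = Interner::new();
    let a = i.intern("alpha");
    assert_eq!(i.intern("alpha"), a);
    assert_eq!(i.get(a), Some("alpha"));
}
```

Running a crate's test suite under Miri (`cargo miri test`) is the usual way to detect this class of aliasing violation, since the unsound ordering typically behaves correctly in ordinary builds.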

References

Published to the GitHub Advisory Database Jul 27, 2023
Reviewed Jul 27, 2023
Last updated Jul 27, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-gch5-hwqf-mxhp

Source code
