gitarena icon indicating copy to clipboard operation
gitarena copied to clipboard

Published 20 hours ago verified publisher icon mellowagain

RUSTSEC-2020-0159: Potential segfault in `localtime_r` invocations

Open github-actions[bot] opened this issue 3 years ago • 2 comments

Potential segfault in localtime_r invocations

Details
Package chrono
Version 0.4.19
URL https://github.com/chronotope/chrono/issues/499
Date 2020-11-10

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

See advisory page for additional details.

github-actions[bot] avatar Jan 16 '22 01:01 github-actions[bot]

May be a duplicate of #40 - keeping it open as this one is for the chrono crate while #40 is for the time crate

mellowagain avatar Jan 16 '22 02:01 mellowagain

The time crate has fixed this issue (I think, but judging from the discussion on the linked issue it seems somewhat still occuring?). Keeping this on hold because as of now there are no known fixes to chrono or work arounds for this issue.

mellowagain avatar Jan 17 '22 19:01 mellowagain