Logical Race Fix

@djherbis djherbis released this 17 Jan 16:21
· 21 commits to master since this release

Big thanks to @danp for finding and fixing a race.

TOCTOU race between:

  • check: if a write is too large to fit in the remaining space in a buffer
  • use: write to the buffer, capping the write at the size of the gap

Since we blocked on a zero-sized gap before doing the write, it's possible that the gap could have grown larger than the write, causing us to slice the write past its boundaries!
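The check/use split described above, reproduced deterministically as an added example (not this project's code). It is written in Go as an assumption, and `gapBuf`, `writeRacy`, `writeFixed` and the `wait` callback, which stands in for blocking while a reader drains the buffer, are hypothetical names.

```go
package main

import "fmt"

// gapBuf is a hypothetical fixed-size buffer; gap() is the free space left.
type gapBuf struct{ data []byte }

func (b *gapBuf) gap() int { return cap(b.data) - len(b.data) }

// writeRacy decides "too large" first, blocks, then caps with a fresh gap.
func (b *gapBuf) writeRacy(p []byte, wait func()) (n int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	tooLarge := len(p) > b.gap() // check
	if b.gap() == 0 {
		wait() // the gap can grow past len(p) while we are blocked
	}
	if tooLarge {
		p = p[:b.gap()] // use: slices p past its boundaries
	}
	b.data = append(b.data, p...)
	return len(p), nil
}

// writeFixed takes the decision and the cap from one gap value read after the wait.
func (b *gapBuf) writeFixed(p []byte, wait func()) int {
	if b.gap() == 0 {
		wait()
	}
	if g := b.gap(); len(p) > g {
		p = p[:g]
	}
	b.data = append(b.data, p...)
	return len(p)
}

// demo uses constructed input: a full 8-byte buffer, drained during a 3-byte write.
func demo() (racyErr error, fixedN int) {
	a, b := &gapBuf{make([]byte, 8)}, &gapBuf{make([]byte, 8)}
	_, racyErr = a.writeRacy(make([]byte, 3), func() { a.data = a.data[:0] })
	fixedN = b.writeFixed(make([]byte, 3), func() { b.data = b.data[:0] })
	return racyErr, fixedN
}

func main() { fmt.Println(demo()) }
```

In Go the racy slice only panics when the gap exceeds `cap(p)`; when it fits within the capacity, the write silently extends past `len(p)` into bytes the caller never passed.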