Impact
Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally.
This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior.
Specifically, the affected methods were:
renderdoc::api::RenderDocV110::trigger_multi_frame_capturerenderdoc::api::RenderDocV120::set_capture_file_comments
Patches
This flaw was corrected in release 0.5.0 and newer.
References
- See pull request #32 for the fix and linked issues.
- A corresponding
cargo-audit advisory has been filed under RUSTSEC-2019-0018.
For more information
If you have any questions or comments about this advisory:
Impact
Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally.
This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior.
Specifically, the affected methods were:
renderdoc::api::RenderDocV110::trigger_multi_frame_capturerenderdoc::api::RenderDocV120::set_capture_file_commentsPatches
This flaw was corrected in release 0.5.0 and newer.
References
cargo-auditadvisory has been filed under RUSTSEC-2019-0018.For more information
If you have any questions or comments about this advisory: