peterhuene opened PR #3818 from port-cve-fix-to-main to main:
This PR ports the fix for CVE-2022-23636 to main, but performs a refactoring that makes it unnecessary for the instance itself to track if it has been initialized; such a change was not targeted enough for a security patch.

The pooling allocator will now only initialize an instance if all of its associated resource creation succeeds. If the resource creation fails, no instance is dropped as none was initialized.

Also updates RELEASES.md to include the related patch releases.
peterhuene requested alexcrichton for a review on PR #3818.
alexcrichton submitted PR review.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
To avoid this arc clone/decrement could the module be passed in? (since I think callers always have it available)
peterhuene submitted PR review.
peterhuene created PR review comment:
I'll do that and assert the two modules match.
peterhuene updated PR #3818 from port-cve-fix-to-main to main.
peterhuene requested alexcrichton for a review on PR #3818.
alexcrichton submitted PR review.
alexcrichton merged PR #3818.
Last updated: Dec 23 2024 at 12:05 UTC