Question 1

Is there a bug in crossbeam 0.0.0-0?

Accepted Answer

`MsQueue` `push`/`pop` use the wrong orderings Affected versions of this crate use orderings which are too weak to support this data structure.
It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>. Fixed in crossbeam 0.3.0.

Question 2

Is there a bug in crossbeam 0.0.0-0?

Accepted Answer

`SegQueue` creates zero value of any type Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
This is unsound e.g. if `T` is a reference type (which must be non-null).
 
The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead. Fixed in crossbeam 0.7.0.

Question 3

Is there a bug in crossbeam 0.4.0?

Accepted Answer

MsQueue and SegQueue suffer from double-free Even if an element is popped from a queue, crossbeam would run its
destructor inside the epoch-based garbage collector. This is a source
of double frees.

The flaw was corrected by wrapping elements inside queues in a
`ManuallyDrop`.

Thanks to @c0gent for reporting the issue. Fixed in crossbeam 0.4.1.

Question 4

Is there a bug in crossbeam?

Accepted Answer

`MsQueue` `push`/`pop` use the wrong orderings Affected versions of this crate use orderings which are too weak to support this data structure.
It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.
 Fixed in crossbeam 0.3.0.

Question 5

Is there a bug in crossbeam?

Accepted Answer

`SegQueue` creates zero value of any type Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
This is unsound e.g. if `T` is a reference type (which must be non-null).
 
The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.
 Fixed in crossbeam 0.7.0.

Question 6

Is there a bug in crossbeam 0.4.0?

Accepted Answer

Double free in crossbeam Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees.

The flaw was corrected by wrapping elements inside queues in a ManuallyDrop. Fixed in crossbeam 0.4.1.

Severity	Affected	Fixed in	Title	Status	Source
medium	0.0.0-0	0.3.0	`MsQueue` `push`/`pop` use the wrong orderings Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.	fixed	osv:RUSTSEC-2022-0029
medium	0.0.0-0	0.7.0	`SegQueue` creates zero value of any type Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`. This is unsound e.g. if `T` is a reference type (which must be non-null). The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.	fixed	osv:RUSTSEC-2022-0020
medium	0.4.0	0.4.1	MsQueue and SegQueue suffer from double-free Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees. The flaw was corrected by wrapping elements inside queues in a `ManuallyDrop`. Thanks to @c0gent for reporting the issue.	fixed	osv:RUSTSEC-2018-0009
medium	any	0.3.0	`MsQueue` `push`/`pop` use the wrong orderings Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.	fixed	osv:GHSA-rwf4-gx62-rqfw
medium	any	0.7.0	`SegQueue` creates zero value of any type Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`. This is unsound e.g. if `T` is a reference type (which must be non-null). The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.	fixed	osv:GHSA-8gj8-hv75-gp94
critical	0.4.0	0.4.1	Double free in crossbeam Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees. The flaw was corrected by wrapping elements inside queues in a ManuallyDrop.	fixed	osv:GHSA-c3cw-c387-pj65

crossbeam known bugs