Skip to content

Update Rust crate smallvec to v1.6.1 [SECURITY] #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Rust crate smallvec to v1.6.1 [SECURITY] #26

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Aug 28, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
smallvec dependencies minor 1.0.0 -> 1.6.1

GitHub Vulnerability Alerts

CVE-2021-25900

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Release Notes

servo/rust-smallvec (smallvec)

v1.6.1

Compare Source

v1.6.0

Compare Source

  • The "union" feature is now compatible with stable Rust 1.49 (#​248, #​247).
  • Fixed warnings when compiling with Rust 1.51 nightly (#​242, #​246).

v1.5.1

Compare Source

  • Improve performance of push (#​241).

v1.5.0

Compare Source

  • Add the append method (#​237).
  • Add support for more array sizes between 17 and 31 (#​234).
  • Don't panic on deserialization errors (#​238).

v1.4.2

Compare Source

  • insert_many no longer leaks elements if the provided iterator panics (#​213).
  • The unstable const_generics and specialization features are updated to work with the most recent nightly Rust toolchain (#​232).
  • Internal code cleanup (#​229, #​231).

v1.4.1

Compare Source

  • Don't allocate when the size of the element type is zero. Allocating zero bytes is undefined behavior. (#​228)

v1.4.0

Compare Source

  • Add try_reserve, try_reserve_exact, and try_grow methods (#​214).

v1.3.0

Compare Source

  • Add a new unstable const_generics feature (#​204).
  • Improve inlining of constructor functions (#​206).
  • Add a slice.to_smallvec() convenience method (#​203).
  • Documentation and testing improvements.

v1.2.0

Compare Source

  • IntoIter now implements Debug (#​196).
  • smallvec! macro is now easier to use in no_std contexts where the vec! macro isn't automatically imported (#​198).

v1.1.0

Compare Source

  • Added new method SmallVec::into_boxed_slice (#​190).
  • Added new methods IntoIter::as_slice and as_mut_slice (#​182).
  • IntoIter now implements Clone (#​192).
  • Improved documentation and testing (#​186, #​189, #​193).
  • Minor code cleanups (#​176).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/crate-smallvec-vulnerability branch from 5d5d1dc to dd1efd5 Compare December 10, 2025 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant