process-sync SharedMutex Unsoundness Vulnerability in Rust

Vulnerability

A potential unsoundness vulnerability has been identified in version 0.2.2 of the process-sync crate for Rust. The issue is in the SharedMutex implementation: its drop function does not verify that the associated pthread_mutex is unlocked before destroying it. This oversight can lead to undefined behavior, as documented in the POSIX standard, which states that destroying a locked mutex is not permissible.

Impact

Improper handling of mutex destruction can lead to undefined behavior, potentially causing synchronization issues or crashes in applications that rely on the process-sync crate for interprocess communication.

Reproduction

The vulnerability can be reproduced by creating a SharedMutex instance, locking it, and then dropping the instance without unlocking the mutex first. The drop then attempts to destroy a locked pthread_mutex, which violates the expected behavior and can lead to undefined behavior.

Remediation

Users are advised to ensure that mutexes are unlocked before they are dropped, following the example set by Rust's standard library implementation of pthread mutex handling.
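
The sketch below is an added example, not code from process-sync or from the advisory. It follows the approach used by the standard library's pthread mutex: probe with pthread_mutex_trylock at teardown, destroy only if the probe succeeds, and otherwise leak the storage. GuardedMutex, RawMutex and teardown are hypothetical names; the 64-byte buffer stands in for pthread_mutex_t, and a process-local default mutex is used instead of a process-shared one.

```rust
use std::mem::ManuallyDrop;
use std::os::raw::{c_int, c_void};
// Assumption: 64 bytes with 16-byte alignment covers pthread_mutex_t on Linux
// and macOS. Real code should use libc::pthread_mutex_t instead.
#[repr(C, align(16))]
pub struct RawMutex([u8; 64]);

unsafe extern "C" {
    fn pthread_mutex_init(m: *mut RawMutex, attr: *const c_void) -> c_int;
    fn pthread_mutex_lock(m: *mut RawMutex) -> c_int;
    fn pthread_mutex_trylock(m: *mut RawMutex) -> c_int;
    fn pthread_mutex_unlock(m: *mut RawMutex) -> c_int;
    fn pthread_mutex_destroy(m: *mut RawMutex) -> c_int;
}

/// Hypothetical wrapper for illustration; not the process-sync SharedMutex.
pub struct GuardedMutex { raw: *mut RawMutex }

impl GuardedMutex {
    pub fn new() -> Self {
        let raw = Box::into_raw(Box::new(RawMutex([0; 64])));
        assert_eq!(unsafe { pthread_mutex_init(raw, std::ptr::null()) }, 0);
        GuardedMutex { raw }
    }
    pub fn lock(&self) { assert_eq!(unsafe { pthread_mutex_lock(self.raw) }, 0); }
    pub fn unlock(&self) { assert_eq!(unsafe { pthread_mutex_unlock(self.raw) }, 0); }
    /// Destroys the mutex only if it is unlocked. Returns false when it is
    /// still held, in which case the storage is leaked rather than destroyed.
    fn release(&mut self) -> bool {
        unsafe {
            if pthread_mutex_trylock(self.raw) != 0 { return false; } // still locked: leak
            pthread_mutex_unlock(self.raw); // undo the probe lock
            pthread_mutex_destroy(self.raw);
            drop(Box::from_raw(self.raw)); // free storage only after destroy
        }
        true
    }
    /// Explicit teardown that reports the outcome Drop cannot return.
    pub fn teardown(self) -> bool { ManuallyDrop::new(self).release() }
}

impl Drop for GuardedMutex { fn drop(&mut self) { self.release(); } }

fn main() {
    let held = GuardedMutex::new();
    held.lock();
    println!("held: destroyed={}, idle: destroyed={}",
             held.teardown(), GuardedMutex::new().teardown());
}
```

Leaking a still-locked mutex trades a small amount of memory for never calling pthread_mutex_destroy on a locked mutex.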

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.