Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit byteorder #53

Open
evanjs opened this issue Nov 3, 2019 · 2 comments
Open

Audit byteorder #53

evanjs opened this issue Nov 3, 2019 · 2 comments

Comments

@evanjs
Copy link

evanjs commented Nov 3, 2019

Tried to audit image and was hit by a slew of unsafe dependencies.
The largest (yet unfiled) crate seemed to be byteorder.

Functions  Expressions  Impls  Traits  Methods  Dependency

1/1        225/225      0/0    0/0     0/0      !  byteorder 1.3.2

A fun unsafe example can be found in the slice_to_u8_mut function, which is "wildly" unsafe, per the doc-comments.
@Shnatsel
Copy link
Member

Shnatsel commented Nov 4, 2019
edited

That function itself is marked unsafe, so it's OK for it to be wildly unsafe because you cannot call it from a safe context. I.e. any dependency that wants to use it would need its own unsafe block.

https://crates.io/crates/bytemuck provides "guarded" versions of that and encapsulates the unsafety behind a safe API, but for byteorder pulling in that dependency is probably overkill.

@Shnatsel
Copy link
Member

Shnatsel commented Nov 4, 2019

Oh it's not a pub fn, it's an internal function. Disregard my earlier comment.

@Kerollmops Kerollmops mentioned this issue Jan 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Shnatsel @evanjs