`instr` and `mvwinstr` are never safe to use

Question

`instr` and `mvwinstr` are never safe to use

thomcc opened this issue 5 years ago · comments

They write an arbitrary amount of data from the terminal into strings without any checks for length. It's almost impossible to use safely, and will almost certainly result in a buffer overflow.

This function should be removed (or marked as unsafe, but really there's no reason to keep it around).

See rustsec/advisory-db#106

Jeaye Wilkerson · Answer 1 · Sun Jun 16 2019 01:31:36 GMT+0800 (China Standard Time)

ncurses is a terribly unsafe library and ncurses-rs is the lightest weight wrapper for it possible. It's meant to expose the ncurses fns as-is. All of the issues and discussions regarding removing fns, deprecating them, etc. are all missing the point of ncurses-rs. If you want a safe and idiomatic Rust library for TUIs, look elsewhere. If you want a 1:1 C:Rust port, ncurses-rs will do the trick.

Thom Chiovoloni · Answer 2 · Sun Jun 16 2019 04:25:42 GMT+0800 (China Standard Time)

Even in C use of gets will get you a compiler warning since it's always a buffer overflow.

This is a wild take.

Alexandre Bury · Answer 3 · Sun Jun 16 2019 04:45:50 GMT+0800 (China Standard Time)

It turns out that rust does have a way to indicate a function is unsafe: the unsafe keyword!

It should most likely at least be added to functions like that.

Jeaye Wilkerson · Answer 4 · Sun Jun 16 2019 06:11:09 GMT+0800 (China Standard Time)

It turns out that rust does have a way to indicate a function is unsafe: the unsafe keyword!

It should most likely at least be added to functions like that.

#187 (comment)