Audit byteorder
evanjs opened this issue · comments
Tried to audit image and was hit by a slew of unsafe dependencies.
The largest (yet unfiled) crate seemed to be byteorder.
Functions Expressions Impls Traits Methods Dependency
1/1 225/225 0/0 0/0 0/0 ! byteorder 1.3.2
A fun unsafe example can be found in the slice_to_u8_mut function, which is "wildly" unsafe, per the doc-comments.
That function itself is marked unsafe
, so it's OK for it to be wildly unsafe because you cannot call it from a safe context. I.e. any dependency that wants to use it would need its own unsafe block.
https://crates.io/crates/bytemuck provides "guarded" versions of that and encapsulates the unsafety behind a safe API, but for byteorder pulling in that dependency is probably overkill.
Oh it's not a pub fn
, it's an internal function. Disregard my earlier comment.