0.7.4 (current)
From google/supply-chain copy of chromium. Audited without comment by Nicholas Bishop.
These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.
0.7.4 (current)
From kornelski/crev-proofs copy of salsa.debian.org.
0.7.4 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-io)
The current version of ArrayVec is 0.7.4.
0.7.2 (older version)
From bytecodealliance/wasmtime. By Nick Fitzgerald.
Well documented invariants, good assertions for those invariants in unsafe code, and tested with MIRI to boot. LGTM.
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
- safe-to-deploy (implies safe-to-run)
-
This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…
- safe-to-run
-
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…
- does-not-implement-crypto (implies crypto-safe)
-
Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own.
Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be "good enough" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.
- crypto-safe
Implied by other criteria
All crypto algorithms in this crate have been reviewed by a relevant expert.
Note: If a crate does not implement crypto, use
does-not-implement-crypto, which impliescrypto-safe, but does not require expert review in order to audit for.- unknown
-
May have been packaged automatically without a review
These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of ArrayVec is 0.7.4.
0.7.2 (older version) Thoroughness: Medium Understanding: Low
by ThomasdenH on 2021-12-23
The crate uses a lot of unsafe, although the conditions for safety seem to have been taken in consideration carefully. The use of unsafe consists of: - Handling len/capacity where bounds are checked manually. This looks correct. - Handling unitialized memory for indices >= len. I don't know enough about it to judge correctness here - Handling utf8 conversions/assumptions. For example, the conversion from char to bytes. Correctness is checked for every byte here, so this is likely correct, too.
0.5.1 (older version) Thoroughness: Medium Understanding: Medium
by MaulingMonkey on 2019-12-22
Stack/value variable length arrays without heap fallback.
Pros:
- Maybe sound?
- Better than what you'll write.
Cons:
- History of unsoundness (0.4.10 and earlier)
- Disturbing amounts of unsafe
This version switched some slices possibly containing uninit (UB!) to use
pointers instead. This makes encode_utf8 unsafe, sadly.
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vcs_info.json | +1 | |
| .gitignore | +1 | |
| Cargo.lock | +1 | Rust version bump? |
| Cargo.toml | +1 | debug [profile.*] |
| Cargo.toml.orig | +1 | debug [profile.*] |
| README.rst | +1 | |
| *.{events,string_data,string_index} | 0 | Binary test files, unreviewed |
| src/array.rs | +1 | Removed #[inline] |
| src/array_string.rs | +1 | Added fn len, removed #[inline], use ptr instead of slice |
| src/chars.rs | +1 | encode_utf8 is now sadly unsafe, more test coverage |
| src/lib.rs | +1 | Inline tweaks, more (correct) ptr use, add as_*_ptr to match Vec (safe/sound) |
0.5.0 (older version) Thoroughness: Medium Understanding: Medium
by MaulingMonkey on 2019-09-25
Show review…
Stack/value variable length arrays without heap fallback.
Pros:
- Maybe sound?
- Better than what you'll write.
Cons:
- History of unsoundness (0.4.10 and earlier)
- Disturbing amounts of unsafe
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vs_info.json | +1 | |
| .travis.yml | +1 | MSRV bumped to 1.36.0, features tweaked. |
| Cargo.toml | +1 | feature "serde-1" -> "serde", 2018 edition, drop cruft |
| Cargo.toml.orig | +1 | |
| README.rst | 0 | "(not yet released)" no longer accurate. |
| benches/extend.rs | +1 | +black_box |
| build.rs | +1 | Dropped? |
| src/array.rs | +1 | Improved safety docs, although could use more explaination of what relies on the invariants. () and bool indexing for 1/2-len arrays. |
| src/array_string.rs | 0 | mem::zeroed -> MaybeUninitCopy::uninitialized. Lots of Copy constraints, one transmute -> from_utf8_unchecked_mut (safer). |
| src/lib.rs | 0 | truncate now unsafe (but sound), new try_extend_from_slice is unsafe (but sound). ArrayVec::extend ZST handling is obtuse, would be unsound in C++, but I believe sound in Rust, maybe? |
| src/maybe_uninit.rs | +1 | |
| src/maybe_uninit_nodrop.rs | +1 | Removed |
| src/maybe_uninit_stable.rs | +1 | Removed |
| src/range.rs | +1 | Removed |
| tests/serde.rs | +1 | |
| tests/tests.rs | +1 | New test cases |
0.4.11 (older version) Thoroughness: Low Understanding: Medium
Approved without comment by kornelski on 2019-07-22
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open arrayvec. Alternatively, you can download the tarball of arrayvec v0.7.4 or view the source online.
Only in debcargo (unstable). Changelog: