0.9.4 — diff review from 0.9.3 only (current)
From mozilla/supply-chain copy of hg. By Teodor Tanasoaia.
These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.
0.9.4 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-apple)
The current version of CoreFoundation is 0.9.4.
0.9.1 (older version)
From kornelski/crev-proofs copy of salsa.debian.org.
Packaged for Debian (stable). Changelog:
- Team upload.
- Package core-foundation 0.9.1 from crates.io using debcargo 2.5.0
- Bump UUID dependency.
* (all versions)
From mozilla/supply-chain copy of hg. By Bobby Holley on 2019-11-12.
Show review…
I've reviewed every source contribution that was neither authored nor reviewed by Mozilla.
* (all versions)
From mozilla/supply-chain copy of hg. By Bobby Holley on 2019-03-29.
Show review…
I've reviewed every source contribution that was neither authored nor reviewed by Mozilla.
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
- safe-to-deploy (implies safe-to-run)
-
This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…
- safe-to-run
-
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…
- unknown
-
May have been packaged automatically without a review
These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of CoreFoundation is 0.9.4.
0.7.0 (older version) Thoroughness: Medium Understanding: Medium
by roblabla on 2020-03-21
Contains several flaws leading to Undefined Behavior in purely safe Rust code. Here are the instances of UB I uncovered:
CFArray::from_copyable can trivially lead to reading uninitialized memory if the T type argument is not pointer sized. This is GH issue #291.
In many places, NULL checks are missing entirely, leading to types assumed to be safe by construction to be created with a NULL pointer, trivially leading to crashes. This is especially the case in almost every allocating types. Tracked at GH issue #361.
CFMutableDictionary has multiple issues allowing one to trivially cause UB by
calling add with arbitrary pointers. Furthermore, the CFMutableDictionary
constructor calls CFDictionaryCreateMutable with the
kCFTypeDictionary*CallBacks, causing issues if non-CFTypes are inserted into
the dictionary. This is not, however, ensured at the type level. Tracked at
GH issue #362.
TCFType is a safe trait that should be implemented on the safe Core Foundation
type wrappers. Many functions assume that a type implementing TCFType is in
fact core-foundation managed, despite the trait being safe to implement. This
can trivially cause UB simply by calling the default retain_count() on
a broken implementation, or by passing a broken implementation to
CFArray::from_CFTypes. This is tracked at #364.
0.7.0 (older version) Thoroughness: None Understanding: Low
by leo60228 on 2020-03-21
Contains large amounts of UB and segfault-prone code. See https://github.com/servo/core-foundation-rs/issues/361 and https://github.com/servo/core-foundation-rs/issues/291.
0.6.4 (older version) Thoroughness: Low Understanding: Low
Approved without comment by kornelski on 2019-07-20
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open core-foundation. Alternatively, you can download the tarball of core-foundation v0.9.4 or view the source online.
I've reviewed every source contribution that was neither authored nor reviewed by Mozilla.