RUSTSEC-2023-0076 (unmaintained) on 2023-11-14: cpython is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer.

There are also open issues for unsound code that is currently in these crates:

  • cpython#265: Using some string functions causes segmentation faults on big-endian architectures. Due to incorrect bitfield manipulations, it is possible to create invalid Python objects that crash the Python interpreter.
  • cpython#294: Python 3.12 is not supported. Due to ABI changes in Python 3.12, calling some string functions will result in invalid Python objects and / or cause out-of-bounds memory accesses.

Recommended alternative:

  • pyo3 (version 0.19.2 and newer)

The pyo3 crate is actively maintained. Preliminary support for Python 3.12 was added in version 0.19.2, and version 0.20.0 was released with full support for Python 3.12.

Both versions implement string functions correctly on big-endian architectures. The endianness issue affecting the cpython crate was fixed in recent versions of pyo3.
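As an added example (not part of the advisory or of either project), a POSIX shell check that scans a Cargo.lock for the crates named above and for pyo3 releases older than 0.19.2; the function names and the sample lockfile contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag the RUSTSEC-2023-0076 crates in a
# Cargo.lock, plus pyo3 < 0.19.2 (first release with Python 3.12 support).

# version_ge A B: true when dotted numeric version A >= B (pre-release tags ignored)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0; q = (i <= m) ? y[i] + 0 : 0
            if (p != q) exit (p < q)
        }
        exit 0 }'
}

# check_py_bindings LOCKFILE: print one FLAG line per finding; return 1 if any.
check_py_bindings() {
    # Every [[package]] block carries name = "..." then version = "..."; awk pairs them.
    flagged=$(awk -F'"' '
        $1 ~ /^name = /    { name = $2 }
        $1 ~ /^version = / { print name, $2 }' "$1" |
    while read -r name version; do
        case "$name" in
            cpython|python3-sys|python27-sys)
                echo "FLAG $name $version: unmaintained (RUSTSEC-2023-0076)" ;;
            pyo3)
                version_ge "$version" 0.19.2 ||
                    echo "FLAG pyo3 $version: no Python 3.12 support, upgrade to >= 0.19.2" ;;
        esac
    done)
    [ -n "$flagged" ] && printf '%s\n' "$flagged"
    [ -z "$flagged" ]
}

# Constructed sample lockfile (hypothetical dependency set) for a stand-alone run.
sample_lock() {
    cat > "$1" <<'EOF'
[[package]]
name = "cpython"
version = "0.7.1"
[[package]]
name = "pyo3"
version = "0.18.3"
EOF
}

lock=$(mktemp); sample_lock "$lock"
check_py_bindings "$lock" || echo "exit status $?"   # two FLAG lines, exit status 1
rm -f "$lock"
```

Pointing it at a real Cargo.lock (`check_py_bindings path/to/Cargo.lock`) gives a CI-friendly non-zero exit while any affected crate is still in the dependency graph.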

https://github.com/dgrunwald/rust-cpython/issues/265

https://github.com/dgrunwald/rust-cpython/issues/294

Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

To review the actual code of the crate, it's best to use cargo crev open cpython. Alternatively, you can download the tarball of cpython v0.7.1 or view the source online.