These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of itoa is 1.0.11.

1.0.9 (older version) unknown

From kornelski/crev-proofs copy of salsa.debian.org.

Only in debcargo (unstable). Changelog:

  • Team upload.
  • Package itoa 1.0.9 from crates.io using debcargo 2.6.0 (Closes: #1043517)
  • Set collapse_features = true
  • Set test_is_broken for the no-panic feature, rust-no-panic only works in release mode.

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

safe-to-deploy (implies safe-to-run)

This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…

safe-to-run

This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…

does-not-implement-crypto (implies crypto-safe)

Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own.

Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be "good enough" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.

crypto-safe
Implied by other criteria

All crypto algorithms in this crate have been reviewed by a relevant expert.

Note: If a crate does not implement crypto, use does-not-implement-crypto, which implies crypto-safe, but does not require expert review in order to audit for.

ub-risk-2 (implies ub-risk-3)

Negligible unsoundness or average soundness.

Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2

ub-risk-3 (implies ub-risk-4)
Implied by other criteria

Mild unsoundness or suboptimal soundness.

Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3

ub-risk-4
Implied by other criteria

Extreme unsoundness.

Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4

unknown

May have been packaged automatically without a review


These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

The current version of itoa is 1.0.11.

0.4.8 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

by leo60228 on 2021-09-28

only minor changes

0.4.4 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

Approved without comment by ryanisaacg on 2019-08-26

0.4.4 (older version) Rating: Neutral Thoroughness: Low Understanding: Low

by MaulingMonkey on 2019-07-26

I believe this is sound, but has way too much unsafe and too few tests for my tastes. udivmod_1e19 reduces my thoroughness and understanding to low, otherwise both would be medium or higher.

Reviewed: benches/bench.rs +1

src/lib.rs          0
    119 mem::uninitialized (POD)
    164 impl_IntegerCommon is potentially unsound, but not public, and guarded by debug_assert!s at least.
        Would vastly prefer static_assertions though.
    196 one giant unsafe block for pointer math?  No bounds checks?  Super gross!
        Relies on $max_len being enough for $t with no bounds checking.
        Relies on d1/d2/n being unable to overflow DEC_DIGITS_LUT.
        A careful reading makes this appear technically sound, but super super sketchy.
    246 Carefully audited for impl_Integer.
    255 Carefully audited for impl_Integer.
    267 Carefully audited for impl_Integer.
    270 Carefully audited for impl_Integer.
    273 Carefully audited for impl_Integer.
    294 Again?  A careful reading makes this appear technically sound, but super super sketchy.
    338 Carefully audited for impl_Integer128.
    339 Shouldn't this technically have the cfg if U128_MAX_LEN is going to have it?
    341 Carefully audited for impl_Integer128.

tests/test.rs       +1
    Not nearly enough tests for my liking given how much unsafe code there is.
    I'd like to see every edge case of iota::write tested, they aren't.
    I'd like to see every edge case of udivmod_1e19 tested, it's not directly tested at all.

.gitignore          +1
.travis.yml         +1
Cargo.toml          +1
Cargo.toml.orig     +1
README.md           +1

Not yet fully reviewed:

src/udiv128.rs      0
    34  Correct - since high is nonzero (line 29 bails if it wasn't), leading_zeros < 64.
    35+ My eyes glazed over at this point.  I haven't verified udivmod_1e19(...).1 meets it's invariants!

TIL: You can use \``edition2018on doc comment code blocks. You can have a public trait require a private one to "seal" it. You can specifysudo: false` in .travis.yml


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball. To review the actual code of the crate, it's best to use cargo crev open itoa. Alternatively, you can download the tarball of itoa v1.0.11 or view the source online.