This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

0.1.0 (current) Rating: Negative Thoroughness: Medium Understanding: Medium

by MaulingMonkey on 2019-08-30

API design is super brittle. Returning uninitialized memory seems like UB-bait.


File Rating Notes
src/ -1 Soundish, but unsafe as heck APIs.
.cargo-ok +1
.gitignore +1
.travis.yml +1
Cargo.toml +1 +1
Other Rating Notes
unsafe -1 Soundish, but unsafe as heck API design.
fs +1 None
io +1 None
docs +1
tests +1


Line What Notes
23 allocate This looks like it returns uninitialized memory (only sizes capacity not actual size). UB bait. Unaligned.
38 reallocate Minimal debug checks, constructs Vec from_raw_parts with size when the real vec had size 0.

Crates in the registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open memalloc. Alternatively, you can download the tarball of memalloc v0.1.0 or view the source online.