These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of Rgb is 0.8.90-alpha.2.

0.8.36 (older version) safe-to-run

From kornelski/crev-proofs copy of salsa.debian.org.

Packaged for Debian (stable). Changelog:

  • Package rgb 0.8.36 from crates.io using debcargo 2.6.0
  • Fix tests when building with only the argb feature.

[ Blair Noctis ]

  • Team upload.
  • Package rgb 0.8.34 from crates.io using debcargo 2.6.0 (Closes: #969213)
  • Collapse features

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

safe-to-run

This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences.

unknown

May have been packaged automatically without a review


These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

0.8.20 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

by HeroicKatora on 2020-08-29

On first glance you'll find a lot of unsafety but most of it is (now) benign. The largest parts are casting a transparent, repr-C wrapper struct to native arrays or slices and forwarding impls of bytemuck::{Pod, Zeroable} accordingly. There's a derive crate for bytemuck that may be used instead. There are not a lot of safety comments but not a lot of invariants used either.

0.8.20 (older version) Rating: Positive Thoroughness: High Understanding: High

by kornelski on 2020-07-08

Fixed soundness of ComponentBytes

0.8.18 (older version) Rating: Negative Thoroughness: Low Understanding: Medium

by HeroicKatora on 2020-06-14

A longstanding soundness issue of interpreting a user input type T as bytes... This goes back to 0.2 at least where we have the following trait:

pub trait ComponentBytes<T> {
  fn as_slice(&self) -> &[T];
  fn as_mut_slice(&mut self) -> &mut [T];

  // Provides: does this obvious transmutation cast of `as_slice` result.
  fn as_bytes(&self) -> &[u8] { ... }
}

This is so unsound, the user can even return a wrong slice of an arbitrary and just let this trait do the dirty work of inspecting its bytes.

In a more recent version we're allowed to even write into that byte slice! Let us create null references, invalid enums, whatever your heart desires.
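An added example, not part of the review above and not the rgb crate's source: the pattern the 0.8.18 review objects to, next to a bounded form in the spirit of the bytemuck::Pod impls mentioned in the 0.8.20 review. The names `UncheckedBytes`, `CheckedBytes` and `PlainData`, and the body of the byte cast, are assumptions made for illustration.

```rust
use std::{mem::size_of_val, slice};
/// Assumed shape of the pattern under review (not rgb's source): every
/// method is safe to implement and `T` is unconstrained.
#[allow(dead_code)]
pub mod before {
    use super::*;
    pub trait UncheckedBytes<T> {
        fn as_slice(&self) -> &[T];
        fn as_bytes(&self) -> &[u8] {
            let s = self.as_slice();
            // Unsound: nothing stops T from having padding (uninitialized bytes).
            unsafe { slice::from_raw_parts(s.as_ptr().cast(), size_of_val(s)) }
        }
    }
}
/// Hardened shape: the cast is only reachable for types behind an `unsafe impl`.
pub mod after {
    use super::*;
    /// Hypothetical marker: no padding, and every bit pattern is a valid value.
    pub unsafe trait PlainData: Copy + 'static {}
    unsafe impl PlainData for u8 {}
    unsafe impl PlainData for u16 {}
    pub trait CheckedBytes<T: PlainData> {
        fn as_slice(&self) -> &[T];
        fn as_mut_slice(&mut self) -> &mut [T];
        fn as_bytes(&self) -> &[u8] {
            let s = self.as_slice();
            // SAFETY: T: PlainData has no padding; u8 has alignment 1.
            unsafe { slice::from_raw_parts(s.as_ptr().cast(), size_of_val(s)) }
        }
        fn as_bytes_mut(&mut self) -> &mut [u8] {
            let s = self.as_mut_slice();
            let n = size_of_val(s);
            // SAFETY: whatever bytes are written back still form a valid T.
            unsafe { slice::from_raw_parts_mut(s.as_mut_ptr().cast(), n) }
        }
    }
    impl<T: PlainData> CheckedBytes<T> for [T] {
        fn as_slice(&self) -> &[T] { self }
        fn as_mut_slice(&mut self) -> &mut [T] { self }
    }
}
fn main() {
    use after::CheckedBytes;
    let mut px = [0x0102u16, 0x0304]; // constructed sample pixels
    px[..].as_bytes_mut().fill(0xFF);
    assert_eq!(px, [0xFFFF; 2]);
}
```

With the bound in place, calling `as_bytes_mut` on a slice of `bool`, references or enums is a compile error unless someone writes an `unsafe impl PlainData` for that type, which is the line an auditor then has to review.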

0.8.17 (older version) Rating: Positive Thoroughness: High Understanding: High

Approved without comment by kornelski on 2020-04-23


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open rgb. Alternatively, you can download the tarball of rgb v0.8.90-alpha.2 or view the source online.