These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of RGB is 0.8.37.

0.8.36 (older version) safe-to-run

From kornelski/crev-proofs copy of salsa.debian.org.

Packaged for Debian (stable). Changelog:

  • Package rgb 0.8.36 from crates.io using debcargo 2.6.0
  • Fix tests when building with only the argb feature.

[ Blair Noctis ]

  • Team upload.
  • Package rgb 0.8.34 from crates.io using debcargo 2.6.0 (Closes: #969213)
  • Collapse features

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

safe-to-run

This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences.

unknown

May have been packaged automatically without a review


These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

The current version of RGB is 0.8.37.

0.8.20 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

by HeroicKatora on 2020-08-29

On first glance you'll find a lot of unsafety but most of it is (now) benign. The largest parts are casting a transparent, repr-C wrapper struct to native arrays or slices and forwarding impls of bytemuck::{Pod, Zeroable} accordingly. There's a derive crate for bytemuck that may be used instead. There are not a lot of safety comments but not a lot of invariants used either.

0.8.20 (older version) Rating: Positive Thoroughness: High Understanding: High

by kornelski on 2020-07-08

Fixed soundness of ComponentBytes

0.8.18 (older version) Rating: Negative Thoroughness: Low Understanding: Medium

by HeroicKatora on 2020-06-14

A longstanding soundness issue of interpreting a user input type T as bytes... This goes back to 0.2 at least where we have the following trait:

pub trait ComponentBytes<T> {
  fn as_slice(&self) -> &[T];
  fn as_mut_slice(&mut self) -> &mut [T];

  // Provided: does the obvious transmutation cast of the `as_slice` result,
  // for whatever `T` the implementor chose (body reconstructed from that description).
  fn as_bytes(&self) -> &[u8] {
    let s = self.as_slice();
    unsafe { std::slice::from_raw_parts(s.as_ptr() as *const u8, std::mem::size_of_val(s)) }
  }
}

This is so unsound, the user can even return a wrong slice of an arbitrary and just let this trait do the dirty work of inspecting its bytes.

In a more recent version we're allowed to even write into that byte slice! Let us create null references, invalid enums, whatever your heart desires.
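The hardened shape of this API, as an added example that is neither the reviewer's code nor the rgb crate's own: the byte view is gated on an `unsafe` marker trait (`PlainBytes`, a stand-in for the `bytemuck::Pod` bound the crate later used), so an implementor of `ComponentBytes` can no longer hand a `T` with padding or invalid bit patterns to the cast. `Rgb`, `PlainBytes` and `swap_u16_channels` are names assumed for this example.

```rust
use std::mem::size_of_val;

// Marker trait gating the byte view; a stand-in for `bytemuck::Pod`, which the
// crate later used. Safety contract for implementors: `T` has no padding bytes
// and every bit pattern is a valid `T`, so its bytes may be read and overwritten.
pub unsafe trait PlainBytes: Copy + 'static {}

// Safety: plain integers have no padding and accept any bit pattern.
unsafe impl PlainBytes for u8 {}
unsafe impl PlainBytes for u16 {}

#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Rgb<T> { pub r: T, pub g: T, pub b: T }

// Safety: a `#[repr(C)]` struct of three fields of one `PlainBytes` type has
// no padding, so it is plain bytes whenever `T` is.
unsafe impl<T: PlainBytes> PlainBytes for Rgb<T> {}

// Same shape as the trait in the review, but `T` is now bounded: a `T` holding
// references, `bool`s or enums cannot reach the casting default methods at all.
pub trait ComponentBytes<T: PlainBytes> {
    fn as_slice(&self) -> &[T];
    fn as_mut_slice(&mut self) -> &mut [T];
    fn as_bytes(&self) -> &[u8] {
        let s = self.as_slice();
        // Safety: `T: PlainBytes`, and the length is the exact byte length of `s`.
        unsafe { std::slice::from_raw_parts(s.as_ptr() as *const u8, size_of_val(s)) }
    }

    fn as_bytes_mut(&mut self) -> &mut [u8] {
        let s = self.as_mut_slice();
        let len = size_of_val(&*s);
        // Safety: as above, and any bytes written back form a valid `T`.
        unsafe { std::slice::from_raw_parts_mut(s.as_mut_ptr() as *mut u8, len) }
    }
}

impl<T: PlainBytes> ComponentBytes<T> for [T] {
    fn as_slice(&self) -> &[T] { self }
    fn as_mut_slice(&mut self) -> &mut [T] { self }
}

// Byte-swaps every 16-bit channel in place through the checked mutable view.
pub fn swap_u16_channels(px: &mut [Rgb<u16>]) {
    for pair in px.as_bytes_mut().chunks_exact_mut(2) {
        pair.swap(0, 1);
    }
}
```

An implementation for a `T` such as `&u8` or `bool` fails to compile at the trait bound instead of producing the null references and invalid enums the review describes.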

0.8.17 (older version) Rating: Positive Thoroughness: High Understanding: High

Approved without comment by kornelski on 2020-04-23


Lib.rs has been able to verify that all files in the crate's tarball, except Cargo.lock, are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.

To review the actual code of the crate, it's best to use cargo crev open rgb. Alternatively, you can download the tarball of rgb v0.8.37 or view the source online.