This crate has lots of unsafe code copied from the standard library several years ago. The stdlib is updated from time to time to fix problems in its unsafe code, but since this crate does not inherit those fixes, code in allocator-api2 remains buggy.
Just to give one example, when doing a security review of this crate, the first file I looked at was splice.rs, which is missing this change, meaning that this crate is using pointer::add in violation of its safety requirements. Every other file in the vec module I looked at is also missing things that have changed in the stdlib implementation.