Closed thomcc closed 5 years ago
Again, same point as before. ncurses-rs does not do any processing on top of just handing data to/from ncurses.
However, I appreciate your intention and I don't want to leave people using ncurses-rs thinking (and apparently knowing nothing about ncurses) that this could possibly be a safe library, so I've added the following: https://github.com/jeaye/ncurses-rs/commit/a52dbb37d93f0dfe07a57ad4e8aaaae8ae448675
I would be open to a PR marking all of the appropriate fns unsafe, but not any more PRs or issues around making ncurses-rs do anything more than its purpose. There are safer TUI libraries for Rust; hell, there are far safer TUI libraries for C, even.
This note is most certainly not sufficient. No one is going to read and find it.
All the functions should be marked as unsafe. That's what the language mandates.
This is a memory safety problem, since many functions in the Rust stdlib are UB if you have a non-utf8 string.
These functions should be changed to ensure that only valid utf8 is input.
See https://github.com/RustSec/advisory-db/issues/106, although it's unclear if there's a way for this to be exploitable (unlike the others).
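The kind of check the issue asks for, as an added example that is not code from ncurses-rs or from anyone in this thread: bytes written into a buffer by a C library are validated before they become a Rust `String`. The helper names and the sample byte strings are hypothetical and constructed for illustration.

```rust
use std::str::Utf8Error;

/// Length of the C string in `buf`: up to the first NUL, or the whole
/// buffer if the C side did not terminate it.
fn c_len(buf: &[u8]) -> usize {
    buf.iter().position(|&b| b == 0).unwrap_or(buf.len())
}

/// Hypothetical helper: turn a buffer filled by C code into an owned String,
/// returning an error instead of building a String from invalid UTF-8.
pub fn c_buf_to_string(buf: &[u8]) -> Result<String, Utf8Error> {
    std::str::from_utf8(&buf[..c_len(buf)]).map(str::to_owned)
}

/// Lossy variant: every invalid sequence is replaced with U+FFFD, so the
/// caller always gets a valid String but loses the original bytes.
pub fn c_buf_to_string_lossy(buf: &[u8]) -> String {
    String::from_utf8_lossy(&buf[..c_len(buf)]).into_owned()
}

fn main() {
    // Constructed inputs standing in for what a C API might hand back.
    let samples: [(&str, &[u8]); 3] = [
        ("valid UTF-8", b"caf\xc3\xa9\0stale bytes"),
        ("Latin-1 byte", b"caf\xe9\0"),
        ("cut-off sequence", b"caf\xc3\0"),
    ];
    for (label, buf) in samples {
        match c_buf_to_string(buf) {
            Ok(s) => println!("{label}: ok {s:?}"),
            Err(e) => println!(
                "{label}: rejected after {} valid bytes, lossy = {:?}",
                e.valid_up_to(),
                c_buf_to_string_lossy(buf)
            ),
        }
    }
}
```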