Closed Qwaz closed 3 years ago

The documentation of `Unsigned` and other typenum marker traits says "This trait should not be implemented for anything outside this crate." However, the definition still allows custom implementation of them. This could affect the soundness of dependent crates if methods like `Unsigned::to_usize()` are used in an unsafe context. For better context, here is proof-of-concept code that triggers a buffer overflow with flatk. Would this be considered a soundness issue in flatk, such that it shouldn't use `Unsigned` in an unsafe context? Or, should the marker traits in typenum be updated to unsafe traits or sealed traits that actually prevent inconsistent downstream implementation?

> Or, should the marker traits in typenum be updated to unsafe traits or sealed traits that actually prevent inconsistent downstream implementation?

This. I would welcome a PR to update them to sealed traits and would not consider it a breaking change, as the documentation has been clear on this point since before 1.0. I just was not familiar with that pattern at the time.

Edit: It was quick and easy, so I made the PR myself.

Thanks for the prompt fix!
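The hazard the issue describes, and the sealed-trait fix the thread settles on, as an added example that is not code from typenum, flatk or the PR. It models the pattern in miniature: an unsealed `Unsigned` whose `to_usize()` a consumer trusts as a constant bound inside `unsafe` code, a hypothetical downstream type `Lying` whose `to_usize()` answers differently on each call, and a `sealed` module where such an impl cannot be written. The `Chunked` type, the `unsealed`/`sealed` modules and `Lying` are all constructed for this illustration; `chunk_range` reports the range an unchecked read would touch instead of performing it, so the example stays free of undefined behaviour.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::ops::Range;

/// Stand-in for an unsealed marker trait (hypothetical; modelled on the
/// pre-fix `typenum::Unsigned`). Anyone can implement it.
pub mod unsealed {
    pub trait Unsigned {
        fn to_usize() -> usize;
    }
    pub struct U2;
    impl Unsigned for U2 {
        fn to_usize() -> usize { 2 }
    }
}

/// Stand-in for a consumer like flatk: a slice viewed as rows of N elements.
/// Soundness of `chunk_unchecked` rests on `N::to_usize()` returning the same
/// value every time, which an unsealed trait cannot guarantee.
pub struct Chunked<'a, N> {
    data: &'a [u32],
    _n: PhantomData<N>,
}

impl<'a, N: unsealed::Unsigned> Chunked<'a, N> {
    /// Validates once, at construction, that the data divides into N-rows.
    pub fn new(data: &'a [u32]) -> Option<Self> {
        let n = N::to_usize();
        if n == 0 || data.len() % n != 0 {
            return None;
        }
        Some(Chunked { data, _n: PhantomData })
    }

    /// The unsound pattern: an unchecked read whose bounds come from a second
    /// call to `to_usize()`. Safe only if that call agrees with the one in `new`.
    pub unsafe fn chunk_unchecked(&self, i: usize) -> &[u32] {
        let n = N::to_usize();
        self.data.get_unchecked(i * n..(i + 1) * n)
    }

    /// Audit helper: the range `chunk_unchecked(i)` would read, and whether it
    /// actually lies inside `data`. Used here so the demonstration never
    /// dereferences out of bounds.
    pub fn chunk_range(&self, i: usize) -> (Range<usize>, bool) {
        let n = N::to_usize();
        let r = i * n..(i + 1) * n;
        let in_bounds = r.end <= self.data.len();
        (r, in_bounds)
    }
}

thread_local! {
    static CALLS: Cell<usize> = Cell::new(0);
}

/// Hypothetical downstream impl that violates the trait's documented contract:
/// answers 2 on the first call (so `new` accepts a 4-element slice) and 1_000
/// afterwards, pushing the unchecked read far past the end of the buffer.
pub struct Lying;
impl unsealed::Unsigned for Lying {
    fn to_usize() -> usize {
        CALLS.with(|c| {
            let k = c.get();
            c.set(k + 1);
            if k == 0 { 2 } else { 1_000 }
        })
    }
}

/// The fix from the thread: a supertrait in a private module. Implementing
/// `sealed::Unsigned` requires implementing `Sealed`, which only this module
/// can name, so `impl sealed::Unsigned for Lying` is a compile error outside it.
pub mod sealed {
    mod private {
        pub trait Sealed {}
    }
    pub trait Unsigned: private::Sealed {
        fn to_usize() -> usize;
    }
    pub struct U2;
    impl private::Sealed for U2 {}
    impl Unsigned for U2 {
        fn to_usize() -> usize { 2 }
    }
}

fn main() {
    let data = [1u32, 2, 3, 4];
    let honest = Chunked::<unsealed::U2>::new(&data).unwrap();
    println!("U2 chunk 1 -> {:?}", unsafe { honest.chunk_unchecked(1) });
    let liar = Chunked::<Lying>::new(&data).unwrap();
    println!("Lying chunk 0 would read {:?}", liar.chunk_range(0));
}
```

Note that `chunk_unchecked` is only ever called with the honest `U2` here; with `Lying` it would be the out-of-bounds read the issue reports, so the test inspects `chunk_range` instead.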