mvdan
commented
1 month ago Had a reply from @pelletier on Slack: basically this was for performance. He's happy with removing unsafe as long as the performance doesn't drop significantly, or perhaps if we can mostly offset it with some speedups elsewhere.
I count over a dozen lines which make use of https://pkg.go.dev/unsafe. This seems very odd for a TOML library. There should not be any need to do any unsafe pointer arithmetic to encode or decode TOML. Even if it makes the code a little bit easier to write or a little bit faster in some benchmarks, it also opens the possibility for all sorts of memory safety bugs, meaning that one could end up with a CVE just from decoding a bit of TOML with Go, a language that is otherwise memory safe :)
I'm happy to help remove unsafe, but I wanted to ask first. Note that the Go standard library, as well as popular third party encoding libraries like protobuf, avoid the use of unsafe as well.