rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced
Apache License 2.0

Audit crossbeam #16

Open yoshuawuyts opened 5 years ago

yoshuawuyts commented 5 years ago

https://crates.io/crates/crossbeam has about 6000 downloads a day*, has 162 inverse dependencies (of which a non-zero amount operates on untrusted input) and is generally considered a core piece of infrastructure.

A cursory search points to 67 references to `unsafe`, in addition to 106 references to atomics, which probably makes it a suitable candidate for an audit.

\* Probably more, since crossbeam is a de facto repackage of several smaller `crossbeam-` modules.

Lokathor commented 5 years ago

WOW THEY'RE USING AN `offset_of!` MACRO

THAT'S A GOOD PLAN.

(it's never a good plan)

64 commented 5 years ago

See also rust-lang/unsafe-code-guidelines#158

Shnatsel commented 5 years ago

Not directly relevant to auditing crossbeam itself, but I've noticed they're pulling in a dependency with 170 unsafe expressions just to write a few lines with it, so I've replaced it with ad-hoc safe code: https://github.com/crossbeam-rs/crossbeam/pull/414