Open 64 opened 5 years ago
Previous vulns for reference: https://github.com/RustSec/advisory-db/tree/master/crates/smallvec
There are still open concerns about use of uninitialized memory:
https://github.com/servo/rust-smallvec/issues/126
https://github.com/servo/rust-smallvec/issues/139
Porting to MaybeUninit<T> would resolve them.
There is also not much internal consistency checking going on, making the crate hard to test: https://github.com/servo/rust-smallvec/issues/124
PR for conversion to MaybeUninit is up: https://github.com/servo/rust-smallvec/pull/162
It will also require bumping the minimum supported Rust version, so a lot of unsafe code present for backwards-compatibility could be cleansed once this lands.
Over 10k downloads/day and contains a lot of unsafe. Has had a number of vulnerabilities in the past.
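For reference, the pattern a MaybeUninit port moves toward, as an added example that is not smallvec's code or part of this thread: inline storage whose uninitialized slots are never read or dropped, with a debug-time consistency check. The `InlineVec` type, its fixed capacity and its method set are hypothetical and chosen only for illustration.

```rust
use std::mem::MaybeUninit;

/// Hypothetical fixed-capacity inline buffer; not smallvec's real layout.
pub struct InlineVec<T, const N: usize> {
    data: [MaybeUninit<T>; N], // slots at index >= len are uninitialized
    len: usize,
}

impl<T, const N: usize> InlineVec<T, N> {
    pub fn new() -> Self {
        // No T value is ever conjured from uninitialized bytes here.
        Self { data: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 }
    }
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == N {
            return Err(value); // full: hand the value back to the caller
        }
        self.data[self.len].write(value);
        self.len += 1;
        Ok(())
    }
    pub fn pop(&mut self) -> Option<T> {
        if self.len == 0 {
            return None;
        }
        self.len -= 1;
        // SAFETY: slot `len` was written by push, and len no longer covers it.
        Some(unsafe { self.data[self.len].assume_init_read() })
    }
    pub fn as_slice(&self) -> &[T] {
        debug_assert!(self.len <= N); // internal consistency check
        // SAFETY: the first `len` slots are initialized; MaybeUninit<T> has T's layout.
        unsafe { std::slice::from_raw_parts(self.data.as_ptr() as *const T, self.len) }
    }
}

impl<T, const N: usize> Drop for InlineVec<T, N> {
    fn drop(&mut self) {
        for slot in &mut self.data[..self.len] {
            // SAFETY: only the initialized prefix is dropped.
            unsafe { slot.assume_init_drop() };
        }
    }
}

fn main() {
    let mut v: InlineVec<String, 2> = InlineVec::new();
    v.push("a".to_string()).unwrap();
    println!("{:?}", v.as_slice());
}
```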