Open killercup opened 4 years ago
Hi Pascal,
Thanks for opening this issue, questions are always more than welcome! Since Rust is memory-safe by default, it offers that advantage, and I deny unsafe code directly in the library. A search for unsafe code in the image
crate returns unsafe code being used in functions which are prefixed with unsafe, and these are not used in Photon, as well as another function which is not used in this library.
Since the image
crate has had some small issues such as out of memory issues for incredibly large images, etc., there are certain edge cases yes which would cause such issues, however these are continually being worked on by the maintainers of the image
crate.
Perhaps I should rephrase the security/safety feature to not guarantee complete safety or security per se, but to say that Rust's memory-safe nature leads to much fewer memory safety issues than other languages. All thoughts would be appreciated, and thanks again for the question! Hopefully this helps answer it, and if you have any others, don't hesitate to ask 😄
Thanks for the reply!
Perhaps I should rephrase the security/safety feature to not guarantee complete safety or security per se, but to say that Rust's memory-safe nature leads to much fewer memory safety issues than other languages.
That phrasing sounds better, yes. My main concern was the blanket statement without poiting out why this library is assumed to be safer.
and I deny unsafe code directly in the library.
Perfect -- mention that and maybe add a link to the #[deny(…)]
line :)
I would perhaps also mention the ongoing effort to find bugs in the image crate and the file format decoders using fuzzing.
Under "Features", the Readme says:
This is great as marketing, but do you actively do anything to check this? Does CI run clippy? Do you deny/verify unsafe code? I know the
image
crate has some fuzzing targets which found a bunch of issues. Do you do anything like that?