silvia-odwyer
commented
4 years ago Hi Pascal,
Thanks for opening this issue, questions are always more than welcome! Since Rust is memory-safe by default, it offers that advantage, and I deny unsafe code directly in the library. A search for unsafe code in the image crate returns unsafe code being used in functions which are prefixed with unsafe, and these are not used in Photon, as well as another function which is not used in this library.
Since the image crate has had some small issues such as out of memory issues for incredibly large images, etc., there are certain edge cases yes which would cause such issues, however these are continually being worked on by the maintainers of the image crate.
Perhaps I should rephrase the security/safety feature to not guarantee complete safety or security per se, but to say that Rust's memory-safe nature leads to much fewer memory safety issues than other languages. All thoughts would be appreciated, and thanks again for the question! Hopefully this helps answer it, and if you have any others, don't hesitate to ask 😄
killercup
Under "Features", the Readme says:
This is great as marketing, but do you actively do anything to check this? Does CI run clippy? Do you deny/verify unsafe code? I know the
imagecrate has some fuzzing targets which found a bunch of issues. Do you do anything like that?