Add the last reviewed version to Cargo.toml / [dependencies]:

core-foundation = "0.7.0"

Filter reviews clicking on the numbers in the summary.

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
1
1
1
1
crate version
rating
date
reviewer
thoroughness, understanding
core-foundation 0.7.0
negative
2020-03-21
medium, medium

Contains several flaws leading to Undefined Behavior in purely safe Rust code.
Here are the instances of UB I uncovered:

CFArray::from_copyable can trivially lead to reading uninitialized memory if
the T type argument is not pointer sized. This is GH issue #291.

In many places, NULL checks are missing entirely, leading to types assumed to
be safe by construction to be created with a NULL pointer, trivially leading
to crashes. This is especially the case in almost every allocating types.
Tracked at GH issue #361.

CFMutableDictionary has multiple issues allowing one to trivially cause UB by
calling add with arbitrary pointers. Furthermore, the CFMutableDictionary
constructor calls CFDictionaryCreateMutable with the
kCFTypeDictionary*CallBacks, causing issues if non-CFTypes are inserted into
the dictionary. This is not, however, ensured at the type level. Tracked at
GH issue #362.

TCFType is a safe trait that should be implemented on the safe Core Foundation
type wrappers. Many functions assume that a type implementing TCFType is in
fact core-foundation managed, despite the trait being safe to implement. This
can trivially cause UB simply by calling the default retain_count() on
a broken implementation, or by passing a broken implementation to
CFArray::from_CFTypes. This is tracked at #364.

core-foundation 0.7.0
negative
2020-03-21
none, low

Contains large amounts of UB and segfault-prone code. See https://github.com/servo/core-foundation-rs/issues/361 and https://github.com/servo/core-foundation-rs/issues/291.

core-foundation 0.6.4
positive
2019-07-20
low, low

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/