Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
dtb = "0.1.3"
Please, use mobile in landscape.
Filter reviews clicking on the numbers in the summary.
Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.
© bestia.dev 2021, MIT Licence, Version: 2021.1208.1729
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
Liberal use of
unsafeand sparse validation of in puts indices and offsets.
In principle, the dtb format lends itself well to this use as the file format
itself already requires the alignment of many members and takes care to have
naturally packed structs–with aligned members but no padding.
It is thus possibly safe to map many parts of an immutable input directly to
structs marked as
repr(C), which also correctly appears.
unsafeblocks contain only few indications of consideration of
their safety. Sometimes alignment checks appear obviously above but most
iterators implicitely trust their callers on the alignment of internal
buffers. It also seems that not all functions relying on
preconditions are marked
unsafe. This applies to internal functions only
but may make the crate more brittle than necessary.
Another antipattern is that of a byte output buffer: A
reading its value as strings or a
u32list. But instead of an iterator over
the backing memory the implementation takes an mutable reference to a byte
slice, manually aligns it to fit the output type, casts it, and writes the
u32. I have not found concrete misbehaviour from
this but it seems awkward.