
Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: rgb

https://lib.rs/crates/rgb/

Add the last reviewed version to Cargo.toml / [dependencies]:

rgb = "0.8.20"


Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
14
18
4
5
1
2
2
4
4
4
6
crate version: rgb 0.8.18
rating: negative
date: 2020-06-14
reviewer:
thoroughness, understanding: low, medium
advisories: high

A longstanding soundness issue of interpreting a user input type T as
bytes... This goes back to 0.2 at least where we have the following trait:

pub trait ComponentBytes<T> {
  fn as_slice(&self) -> &[T];
  fn as_mut_slice(&mut self) -> &mut [T];

  // Provides: does this obvious transmutation cast of `as_slice` result.
  fn as_bytes(&self) -> &[u8] { ... }
}

This is so unsound, the user can even return a wrong slice of an arbitrary
and just let this trait do the dirty work of inspecting its bytes.

In a more recent version we're allowed to even write into that byte slice!
Let us create null references, invalid enums, whatever your heart desires.
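The following is an added example, not code from the rgb crate or from the reviewer. It sketches one common way to close the hole described above: byte views are only offered when the component type carries an `unsafe` marker trait promising that every bit pattern is valid. The names `PlainBytes`, `CheckedComponentBytes` and `Pixel` are hypothetical.

```rust
use std::mem::size_of_val;
use std::slice;

/// Marker for component types with no padding bytes and no invalid bit
/// patterns. `unsafe` makes the implementor responsible for that claim.
pub unsafe trait PlainBytes: Copy {}
// SAFETY: primitive integers and floats accept every bit pattern.
unsafe impl PlainBytes for u8 {}
unsafe impl PlainBytes for u16 {}
unsafe impl PlainBytes for f32 {}
// Deliberately no impl for bool, char, enums or references: writing raw
// bytes into those can create invalid values.

pub trait CheckedComponentBytes<T: PlainBytes> {
    fn as_slice(&self) -> &[T];
    fn as_mut_slice(&mut self) -> &mut [T];

    fn as_bytes(&self) -> &[u8] {
        let s = self.as_slice();
        // SAFETY: any `&[T]` a safe impl returns is a valid slice, and
        // `T: PlainBytes` means all size_of_val(s) bytes are initialized.
        unsafe { slice::from_raw_parts(s.as_ptr().cast::<u8>(), size_of_val(s)) }
    }

    fn as_bytes_mut(&mut self) -> &mut [u8] {
        let s = self.as_mut_slice();
        let len = size_of_val(&*s);
        // SAFETY: as above, and any bytes written back still form a valid `T`.
        unsafe { slice::from_raw_parts_mut(s.as_mut_ptr().cast::<u8>(), len) }
    }
}

/// Hypothetical pixel type used only for this example.
pub struct Pixel<T>(pub [T; 3]);

impl<T: PlainBytes> CheckedComponentBytes<T> for Pixel<T> {
    fn as_slice(&self) -> &[T] { &self.0 }
    fn as_mut_slice(&mut self) -> &mut [T] { &mut self.0 }
}

fn main() {
    let mut px = Pixel([1.0f32, 0.5, 0.0]);
    px.as_bytes_mut().fill(0xFF); // all-ones bits are NaN, still a valid f32
    assert!(px.0.iter().all(|c| c.is_nan()));
    // Pixel([true, false, true]).as_bytes_mut(); // rejected: bool is not PlainBytes
}
```

With the bound in place, a safe implementation of `as_slice` can return any slice it likes without making `as_bytes` unsound, because the slice's element type is already restricted.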

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/