Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

reviewer: roblabla

https://lib.rs/roblabla

$ cargo crev repo fetch url https://github.com/roblabla/crev-proofs
$ cargo crev id trust b5KVguZFzGkZ-ZFynEYB7ttSIOK5pW8sRXlUMZ8U6Ik

repo: https://github.com/roblabla/crev-proofs

crate version:
rating: negative
date: 2020-03-21
reviewer: roblabla
thoroughness, understanding: medium, medium

Contains several flaws leading to Undefined Behavior in purely safe Rust code.
Here are the instances of UB I uncovered:

CFArray::from_copyable can trivially lead to reading uninitialized memory if
the T type argument is not pointer sized. This is GH issue #291.

In many places, NULL checks are missing entirely, leading to types assumed to
be safe by construction to be created with a NULL pointer, trivially leading
to crashes. This is especially the case in almost every allocating type.
Tracked at GH issue #361.

CFMutableDictionary has multiple issues allowing one to trivially cause UB by
calling add with arbitrary pointers. Furthermore, the CFMutableDictionary
constructor calls CFDictionaryCreateMutable with the
kCFTypeDictionary*CallBacks, causing issues if non-CFTypes are inserted into
the dictionary. This is not, however, ensured at the type level. Tracked at
GH issue #362.

TCFType is a safe trait that should be implemented on the safe Core Foundation
type wrappers. Many functions assume that a type implementing TCFType is in
fact core-foundation managed, despite the trait being safe to implement. This
can trivially cause UB simply by calling the default retain_count() on
a broken implementation, or by passing a broken implementation to
CFArray::from_CFTypes. This is tracked at #364.
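
Added example (not part of the review and not the crate's own code): one way to close the two soundness gaps the review describes, a NULL-checked constructor and an `unsafe trait` for the "this type is really managed" contract. `RawObject`, `raw_create`, `Managed` and `Handle` are hypothetical names standing in for a foreign reference-counted API.

```rust
use std::ptr::NonNull;

// Constructed stand-in for a foreign reference-counted object (not a real CF type).
pub struct RawObject { retain_count: usize }

// Hypothetical allocating C-style API: returns NULL on failure.
fn raw_create(fail: bool) -> *mut RawObject {
    if fail { return std::ptr::null_mut(); }
    Box::into_raw(Box::new(RawObject { retain_count: 1 }))
}

/// Contract: `as_raw` points to a live `RawObject` for as long as `self` exists.
/// The default method dereferences it, so implementing the trait is `unsafe`.
pub unsafe trait Managed {
    fn as_raw(&self) -> NonNull<RawObject>;
    fn retain_count(&self) -> usize {
        // SAFETY: upheld by whoever wrote the `unsafe impl`.
        unsafe { self.as_raw().as_ref().retain_count }
    }
}

pub struct Handle(NonNull<RawObject>);

impl Handle {
    /// NULL from the allocator becomes `None`; a `Handle` is never NULL.
    pub fn create(fail: bool) -> Option<Handle> {
        NonNull::new(raw_create(fail)).map(Handle)
    }
}

// SAFETY: the pointer comes only from `raw_create` and is freed once, in `Drop`.
unsafe impl Managed for Handle {
    fn as_raw(&self) -> NonNull<RawObject> { self.0 }
}

impl Drop for Handle {
    fn drop(&mut self) {
        // SAFETY: allocated by `Box::into_raw` in `raw_create`.
        unsafe { drop(Box::from_raw(self.0.as_ptr())) }
    }
}

/// Returns (retain count of a successful handle, whether a failed allocation was rejected).
pub fn demo() -> (Option<usize>, bool) {
    (Handle::create(false).map(|h| h.retain_count()), Handle::create(true).is_none())
}

fn main() { println!("{:?}", demo()); }
```

With the trait marked `unsafe`, a broken implementation can no longer be written in purely safe code, which moves the obligation to the implementer's `unsafe impl`.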