-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit gif #24
Comments
The C API is where most of the unsafety lies. It is currently highly experimental and can be ignored. However, it looks like the core library could be made 100% safe. I've started purging unsafe code, but I will not be able to finish the job. Done so far: |
My work is merged, so there are only two unsafe blocks remaining outside the C API, both doing the same thing - transmuting the lifetime away: |
The 2 remaining unsafe blocks actually pass Polonius checks, see https://github.com/danielhenrymantilla/image-gif/tree/polonius-fix So I'm considering them audited and assume that 100% safety is blocked until Polonius. |
Tracking issue on rustc side: rust-lang/rust#51545 |
https://crates.io/crates/gif
Pure-Rust GIF decoder, used in
image
and everything that relies on it. 2000 downloads/day. High risk due to parsing untrusted data in a binary format.The text was updated successfully, but these errors were encountered: