Sergey "Shnatsel" Davidoff
As long as balloc API is not re-exported or otherwise exposed, it should be okay to introduce if an API change is planned anyway for #40. I understand the limiting...
Also, do I understand correctly that Vorbis comments for which balloc is currently used are not compressed in any way? In that case you only have to limit the amount...
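I mean something like this, overflow checks omitted for brevity:

```rust
if total_comments_len + comment_len < limit {
    // Within budget: count this comment and preallocate for it.
    total_comments_len += comment_len;
    Vec::with_capacity(comment_len)
} else {
    // Over budget: start empty and let the Vec grow as data arrives.
    Vec::new()
}
```

For uncompressed...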
There is now support for custom allocators in Vec on nightly: https://github.com/rust-lang/rust/pull/78461 This should make keeping track of allocations a great deal easier.
True. And since there is no annotation on when the invariant is established again, automated tools cannot audit just the parts that absolutely require panic safety. Bummer.
If a function contains `unsafe` blocks but is not unsafe to call, the end of the function is where the unsafety is supposed to end. So that's feasible. If the...
Also, should `--bin` be a flag or a subcommand? We have to decide now because it would be difficult to change later. I have used it as a flag because...
I meant `$HOME/.cargo/bin`

> I would expect `cargo audit --bin /usr/local/bin/progam` to work

Yeah, that would make sense, but there's already an `-f` flag for specifying the textual file to...
I've reworked the CLI to accept multiple binaries to scan at once. This speeds up scanning multiple binaries dramatically, since the database only needs to be loaded once.
I don't understand what's up with CI. The error is:

```
Run cargo build --no-default-features --release --target wasm32-unknown-unknown
    Updating crates.io index
error: failed to select a version for the requirement...
```