Sergey "Shnatsel" Davidoff
I don't think we can publish an advisory given only a git range. But the problem is that we don't have a way of knowing which advisories were originally git-only,...
Indeed, since the git commit hash is available to us through Cargo, we could extend the database to support Git version ranges as well. It was me who named the...
Anyway, hypothetical support for Git repos is a ways off. Step 1 is importing IDs. Step 2 is importing the advisories we can import, losslessly. I will bring up the...
I have looked into GHSA's export to OSV a bit more, and discussed it with a GitHub engineer. It appears that in the above instance a human has mapped the...
I am not aware of any blockers. I am a little wary of using something that's clearly not the native format and currently silently produces nonsensical results, but OTOH some...
FWIW I've experimented with Faster which would let us get rid of `unsafe`s in Tungstenite, and I think I've figured out a workable solution, but it still involves casting `&[u8;...
I believe benchmarks against SSE2 would be more interesting because enabling AVX2 would require runtime detection, which will likely hurt small inputs (e.g. by interfering with inlining). While on x86_64...
I've prototyped SIMD masking using Faster. The good news is that basically the entire `mask_fast_32()` with all its `unsafe`s can be rewritten into this:

```rust
let mask_u32 = u32::from_bytes(mask);
let...
```
FWIW I'm happily using Frame::parse() for fuzzing the frame parser right now. https://github.com/Shnatsel/tungstenite-afl I've found no crashes or even debug mode panics, but it did autogenerate 15 frames that cover...
> The input comes from a network buffer that has to receive proper feedback.

After reading the implementation of `parse()` again I see it doing two things: advancing the cursor...