Sergey "Shnatsel" Davidoff

It would be interesting, but I'm afraid I'll have to decline. I already have two ongoing Rust projects that have higher priority, and one of them isn't even announced yet.

In the meanwhile I've done a pass with plain old AFL. I've targeted the elf parser since it contains a suspicious amount of unsafe code. I've also thrown in some...

> I found [`isahc`](https://crates.io/crates/isahc) which wraps Curl but otherwise looks pretty similar to `ureq`. It doesn't use `rustls` so it avoids the issues `ureq` has. `isahc` is async and relatively...

> One thing that I did run into with my [`listenbrainz`](https://github.com/InputUsername/listenbrainz-rs) crate was that `ureq` (which `rustfm-scrobble` currently uses) sometimes errors out when connecting to api.listenbrainz.org @InputUsername could you report...

So arbitrary input was erroneously passed to libncursesw where it expected a format string? Nice find! Once a fix is published, this issue should be added to the [Rust security...

To clarify, I have listed a bunch of approaches to software verification, and I do not expect fuzzing specifically to discover many interesting bugs, unless there is gross negligence in...

All `unsafe` blocks in serde seem to be in serialization, not in deserialization. So fuzzing is unlikely to help you find those, since non-specialized fuzzers are unable to systematically produce...

@dtolnay than you for the clarification! I'd really appreciate if you could add a code comment explaining why a poorly implemented `Display` trait would not be a security issue. Here's...

I was wondering if it was possible for an implementation of Display to actually write a different amount of bytes than is eventually reported to this code via slice mutation...

Thanks a lot to @dtolnay for clarifications and for bearing with me. This attitude to safety is commendable. Apologies to **mre** for somewhat unrelated discussion on the issue.