Erick Tryzelaar
Erick Tryzelaar
I just ran https://github.com/nst/JSONTestSuite to see how we're doing, and I saw that json-rust is accepting this [sample that's supposed to fail parsing](https://github.com/nst/JSONTestSuite/blob/master/test_parsing/n_structure_whitespace_formfeed.json). According to the [grammar](https://tools.ietf.org/html/rfc7159#section-2), the allowed whitespace...
fsatrace does not appear to trace the mkdir calls, which can create unexpected traces when working with temporary directories. Consider the Rust library [tempfile](https://docs.rs/tempfile/latest/tempfile/). Here's a simple case where we...
FYI, serde_json has a recursion limit to protect from malicious clients sending a deeply recursive structure and DOS-ing a server. However, it does have an optional feature [unbounded_depth](https://github.com/serde-rs/json/blob/master/Cargo.toml#L68) that disables...
There have been a lot of changes in the upstream graphviz crate, which haven't made it down here. The two significant changes are that the trait node and edges have...
FYI in case you all haven't seen that the latest benchmark has been [released](https://benchmarks.cisecurity.org/downloads/show-single/?file=ubuntu1604.100) for Ubuntu 16.04 Xenial.
In Fuchsia, we're doing an [update](https://fuchsia-review.googlesource.com/c/fuchsia/+/517844) of our vendored version of crossbeam. As part of our review, we found a number of `unsafe` blocks that was hard to audit due...
In https://github.com/servo/rust-url/pull/252, @Manishearth is writing a serde deserializer for urls since parsing a string can be expensive. However, to do this safely from untrusted sources, they need to validate that...
**Version** 1.17.0 Head **Platform** Linux **Description** We're updating our Tokio dependency from 0.2.21 to 1.17.0 in https://fuchsia-review.googlesource.com/c/fuchsia/+/611683, and as part of it we're auditing Tokio. We noticed that tokio::net has...
I noticed that the implication for [future::Fuse](https://github.com/rust-lang/futures-rs/blob/master/futures-util/src/future/future/fuse.rs) will drop the wrapped future when it completes, but [stream::Fuse](https://github.com/rust-lang/futures-rs/blob/master/futures-util/src/stream/stream/fuse.rs) keeps around the stream after it's completed. Would it make sense to make...
Would you be willing to add an explicit feature flag that says we're compiling with an external boringssl, or possibly consider removing the vendored boringssl from the [quiche crate](https://docs.rs/crate/quiche/latest/source/deps/boringssl/)? This...