Audit prost

Open Shnatsel opened this issue 5 years ago • 3 comments

prost is a protobuf implementation with 3000 daily downloads. It is a high-risk component because it is exposed to untrusted data from the network.

Protocol buffers involve code generation, so simply auditing the runtime code is not sufficient - we should also look into reducing the amount of unsafe in the generated code.

Shnatsel, Feb 29 '20 20:02

The core library has only 6 unsafe blocks, but I haven't looked at the code that it generates.

Shnatsel, Feb 29 '20 20:02

Quick PR removing one of them https://github.com/danburkert/prost/pull/288

alex, Feb 29 '20 20:02

> Quick PR removing one of them https://github.com/danburkert/prost/pull/288

Issue tracker moved to https://github.com/tokio-rs/prost/pull/288.

The PR was closed because apparently the performance regressed. If the generated assembly is identical, how can this decrease performance?

dbrgn, Oct 20 '21 14:10