0.8.33 (older version)
From google/supply-chain copy of google/rust-crate-audits. By Manish Goregaokar.
These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.
The current version of encoding_rs is 0.8.35.
0.8.33 (older version)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-io)
0.8.32 (older version)
From mozilla/supply-chain copy of hg. Audited without comment by Mike Hommey.
0.8.31 (older version)
From mozilla/supply-chain copy of hg. By Henri Sivonen.
I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 .
* (all versions)
From mozilla/supply-chain copy of hg. By Henri Sivonen on 2019-02-26.
Show review…
I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 .
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
- ub-risk-3 (implies ub-risk-4)
-
Mild unsoundness or suboptimal soundness.
Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
- ub-risk-4
Implied by other criteria
Extreme unsoundness.
Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
- safe-to-deploy (implies safe-to-run)
-
This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…
- safe-to-run
Implied by other criteria
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…
- unknown
-
May have been packaged automatically without a review
This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of encoding_rs is 0.8.35.
0.8.17 (older version) Thoroughness: Low Understanding: Low
by kornelski on 2019-07-20
Oooof, that was big
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open encoding_rs. Alternatively, you can download the tarball of encoding_rs v0.8.35 or view the source online.
Reviewed in CL 605370461 Needs extensive safety comments: