Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move from using unsound from_utf8_unchecked to safe from_utf8 forwarding error #393

Closed
hashedone opened this issue Aug 26, 2021 · 3 comments
Closed

Move from using unsound from_utf8_unchecked to safe from_utf8 forwarding error #393

hashedone opened this issue Aug 26, 2021 · 3 comments
Labels
enhancement New feature or request good first issue Good for newcomers
Milestone
v0.9.0

Comments

@hashedone
Copy link
Contributor

hashedone commented Aug 26, 2021
edited
Loading

Discussion about this was part of previous PR: confio/tfi#46 (comment)

TL;DR:
Overhead of verifying utf8 strings if very long, as it is O(str.len()), and we are typically operating on very short strings. Comparing to another overheads we introduce for sanity checks it is close to zero cost. The problem is, that if for any reason (not only attack, but also bugs) string assumed to be utf8 encoded ends up not to be, it using unchecked variant is not introducing crash - it introduces UB, and in worst case it might be exploitable. It doesn't make sense to abandon all safety guarantees of Rust just to avoid quick string scan. Also besides of being safest, the safe version is actually shorter, and doesn't involve unsafe block which is messy and always involves second thoughts while reading (or at least should).
@hashedone hashedone added enhancement New feature or request good first issue Good for newcomers labels Aug 26, 2021
@ethanfrey ethanfrey added this to the v0.9.0 milestone Aug 26, 2021
@ueco-jb
Copy link
Contributor

ueco-jb commented Sep 3, 2021

If my search is correct then I think there are no from_utf8_unchecked calls in cw-plus repository.

@ueco-jb ueco-jb mentioned this issue Sep 3, 2021
Closed
@ueco-jb
Copy link
Contributor

ueco-jb commented Sep 3, 2021

To close with not relevant comment.

@maurolacy
Copy link
Contributor

Closing this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
v0.9.0
Development

No branches or pull requests
4 participants
@ethanfrey @hashedone @maurolacy @ueco-jb