Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit prost #68

Open
Shnatsel opened this issue Feb 29, 2020 · 3 comments
Open

Audit prost #68

Shnatsel opened this issue Feb 29, 2020 · 3 comments

Comments

@Shnatsel
Copy link
Member

Shnatsel commented Feb 29, 2020
edited
Loading

prost is a protobuf implementation with 3000 daily downloads. It is a high-risk component because it is exposed to untrusted data from the network.

Protocol buffers involve code generation, so simply auditing the runtime code is not sufficient - we should also look into reducing the amount of unsafe in the generated code.
@Shnatsel Shnatsel mentioned this issue Feb 29, 2020
Open
@Shnatsel
Copy link
Member Author

The core library has only 6 unsafe blocks, but I haven't looked at the code that it generates.

@alex
Copy link
Member

alex commented Feb 29, 2020

Quick PR removing one of them https://github.com/danburkert/prost/pull/288

@dbrgn
Copy link

dbrgn commented Oct 20, 2021

Quick PR removing one of them https://github.com/danburkert/prost/pull/288

Issue tracker moved to tokio-rs/prost#288.

The PR was closed because apparently the performance regressed. If the generated assembly is identical, how can this decrease performance?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alex @dbrgn @Shnatsel