`instr` and `mvwinstr` are never safe to use
thomcc opened this issue · 4 comments
They write an arbitrary amount of data from the terminal into strings without any checks for length. It's almost impossible to use safely, and will almost certainly result in a buffer overflow.
This function should be removed (or marked as unsafe, but really there's no reason to keep it around).
ncurses is a terribly unsafe library and ncurses-rs is the lightest weight wrapper for it possible. It's meant to expose the ncurses fns as-is. All of the issues and discussions regarding removing fns, deprecating them, etc. are all missing the point of ncurses-rs. If you want a safe and idiomatic Rust library for TUIs, look elsewhere. If you want a 1:1 C:Rust port, ncurses-rs will do the trick.
Even in C, use of `gets` will get you a compiler warning since it's always a buffer overflow.
This is a wild take.
It turns out that Rust does have a way to indicate a function is unsafe: the `unsafe` keyword!
It should most likely at least be added to functions like that.
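An added example, not code from this thread or from ncurses-rs: the issue is that `instr`-style calls give the callee no buffer length, while a bounded read in the style of ncurses' `innstr` lets a safe Rust wrapper own the allocation and pass its size. `mock_innstr` is a constructed stand-in for the C side so the block runs without a terminal, and `read_bounded` is a hypothetical wrapper name.

```rust
use std::os::raw::{c_char, c_int};

// Constructed stand-in for a bounded C read (modelled on ncurses' innstr):
// stores at most `n` bytes of the on-screen line in `dst`, appends a NUL,
// and returns the number of bytes stored, or -1 on error.
// Unsafe: the caller must guarantee `dst` has room for n + 1 bytes.
// An instr-style call has no `n`, so no caller can ever give that guarantee.
unsafe fn mock_innstr(screen_line: &[u8], dst: *mut c_char, n: c_int) -> c_int {
    if n < 0 {
        return -1;
    }
    let len = screen_line.len().min(n as usize);
    unsafe {
        std::ptr::copy_nonoverlapping(screen_line.as_ptr() as *const c_char, dst, len);
        *dst.add(len) = 0; // trailing NUL, always within the n + 1 bytes
    }
    len as c_int
}

/// Hypothetical safe wrapper: it allocates the buffer itself, so the length
/// handed to the C side always matches the real allocation.
pub fn read_bounded(screen_line: &[u8], max_chars: usize) -> Option<String> {
    if max_chars >= c_int::MAX as usize {
        return None; // length would not fit the C signature
    }
    let mut buf = vec![0u8; max_chars + 1]; // +1 for the NUL
    // SAFETY: buf holds max_chars + 1 bytes, the most the callee may write.
    let written = unsafe {
        mock_innstr(screen_line, buf.as_mut_ptr() as *mut c_char, max_chars as c_int)
    };
    if written < 0 {
        return None;
    }
    buf.truncate(written as usize); // drop the NUL and unused tail
    Some(String::from_utf8_lossy(&buf).into_owned())
}

fn main() {
    // Constructed sample: a line wider than the caller planned for.
    let line = b"a terminal line that is wider than the caller expected";
    println!("{:?}", read_bounded(line, 10));
}
```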