jeaye/ncurses-rs

`instr` and `mvwinstr` are never safe to use

thomcc opened this issue · 4 comments

They write an arbitrary amount of data from the terminal into strings without any checks for length. It's almost impossible to use safely, and will almost certainly result in a buffer overflow.

This function should be removed (or marked as unsafe, but really there's no reason to keep it around).

See rustsec/advisory-db#106

jeaye commented

ncurses is a terribly unsafe library and ncurses-rs is the lightest weight wrapper for it possible. It's meant to expose the ncurses fns as-is. All of the issues and discussions regarding removing fns, deprecating them, etc. are all missing the point of ncurses-rs. If you want a safe and idiomatic Rust library for TUIs, look elsewhere. If you want a 1:1 C:Rust port, ncurses-rs will do the trick.

Even in C, use of `gets` will get you a compiler warning since it's always a buffer overflow.

This is a wild take.

It turns out that rust does have a way to indicate a function is unsafe: the unsafe keyword!

It should most likely at least be added to functions like that.
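To make the two points in this thread concrete (the opening report that `instr`/`mvwinstr` write an unbounded amount of data into a caller-supplied buffer, and the reply that Rust has the `unsafe` keyword for exactly this contract), here is an added, self-contained Rust example. It is not code from ncurses-rs or from either participant: `c_instr` and `c_innstr` are constructed stand-ins for the C functions, taking a `screen` byte slice in place of the real window contents so the example runs without a terminal, and `instr_unsound`, `instr_unchecked` and `innstr_bounded` are hypothetical wrapper names chosen to show the three shapes a wrapper can take.

```rust
use std::os::raw::{c_char, c_int};

// Constructed stand-ins for the C side. Real ncurses copies out of the window,
// which the Rust caller cannot inspect; `screen` plays that role here.

/// Model of `instr(char *str)`: copies the whole row plus a NUL terminator
/// into `dst`. There is no length parameter, so it cannot stop early.
///
/// # Safety
/// `dst` must point to at least `screen.len() + 1` writable bytes.
unsafe fn c_instr(dst: *mut c_char, screen: &[u8]) -> c_int {
    for (i, &b) in screen.iter().enumerate() {
        *dst.add(i) = b as c_char;
    }
    *dst.add(screen.len()) = 0;
    screen.len() as c_int
}

/// Model of `innstr(char *str, int n)`: copies at most `n` bytes, then a NUL.
///
/// # Safety
/// `dst` must point to at least `n + 1` writable bytes.
unsafe fn c_innstr(dst: *mut c_char, n: c_int, screen: &[u8]) -> c_int {
    let take = screen.len().min(n.max(0) as usize);
    for (i, &b) in screen[..take].iter().enumerate() {
        *dst.add(i) = b as c_char;
    }
    *dst.add(take) = 0;
    take as c_int
}

/// The shape of wrapper the issue objects to: a *safe* fn that hands the
/// String's existing buffer to the unbounded writer. Whether the write stays
/// in bounds depends on `screen`, which the caller cannot see, so the contract
/// of the `unsafe` block cannot be upheld by anyone. Shown only for the
/// pattern; it is never called.
#[allow(dead_code)]
fn instr_unsound(s: &mut String, screen: &[u8]) -> i32 {
    unsafe {
        let buf = s.as_mut_vec();
        // Writes screen.len() + 1 bytes into a buffer of buf.capacity() bytes.
        c_instr(buf.as_mut_ptr() as *mut c_char, screen)
    }
}

/// Fix 1: keep the unbounded call but mark the fn `unsafe` and spell out the
/// contract, so the obligation is visibly the caller's.
///
/// # Safety
/// `cap` must be at least the number of bytes the C side will write plus one
/// for the terminator. With a real terminal the caller usually cannot know
/// that number, which is why the issue calls the function unusable.
unsafe fn instr_unchecked(cap: usize, screen: &[u8]) -> String {
    let mut buf = vec![0u8; cap];
    let n = c_instr(buf.as_mut_ptr() as *mut c_char, screen);
    buf.truncate(n.max(0) as usize);
    String::from_utf8_lossy(&buf).into_owned()
}

/// Fix 2: the bounded variant can be a safe fn. It allocates exactly the
/// buffer it tells the C side it has, reads into a Vec<u8> rather than a
/// String's raw buffer, and validates UTF-8 before producing a String.
fn innstr_bounded(n: usize, screen: &[u8]) -> String {
    let n = n.min(c_int::MAX as usize - 1);
    let mut buf = vec![0u8; n + 1];
    // SAFETY: buf has n + 1 bytes and c_innstr writes at most n + 1.
    let got = unsafe { c_innstr(buf.as_mut_ptr() as *mut c_char, n as c_int, screen) };
    buf.truncate(got.max(0) as usize);
    String::from_utf8_lossy(&buf).into_owned()
}

fn main() {
    // Constructed screen row; the trailing bytes are a valid 4-byte UTF-8 char.
    let row = b"hello, world \xF0\x9F\x90\x8D!";
    println!("{:?}", innstr_bounded(5, row));
    println!("{:?}", innstr_bounded(64, row));
    println!("{:?}", unsafe { instr_unchecked(row.len() + 1, row) });
}
```

The bounded wrapper truncates at `n` bytes, not characters, so a multi-byte character cut at the boundary is replaced by `from_utf8_lossy`; that is the correct failure mode for a length-limited read, and it is the kind of check a wrapper that writes straight into a `String`'s buffer skips entirely.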

jeaye commented

> It turns out that rust does have a way to indicate a function is unsafe: the unsafe keyword!
>
> It should most likely at least be added to functions like that.

#187 (comment)