Remove unsafe #950
Labels
performance
Issue related to a performance problem or pull request improving performance.
Comments
|
Had a reply from @pelletier on Slack: basically this was for performance. He's happy with removing unsafe as long as the performance doesn't drop significantly, or perhaps if we can mostly offset it with some speedups elsewhere. |
pelletier
added
the
performance
|
Pinning this issue for visibility if anyone feels inclined to do it! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I count over a dozen lines which make use of https://pkg.go.dev/unsafe. This seems very odd for a TOML library. There should not be any need to do any unsafe pointer arithmetic to encode or decode TOML. Even if it makes the code a little bit easier to write or a little bit faster in some benchmarks, it also opens the possibility for all sorts of memory safety bugs, meaning that one could end up with a CVE just from decoding a bit of TOML with Go, a language that is otherwise memory safe :)
I'm happy to help remove unsafe, but I wanted to ask first. Note that the Go standard library, as well as popular third party encoding libraries like protobuf, avoid the use of unsafe as well.
The text was updated successfully, but these errors were encountered: