Move from using unsound from_utf8_unchecked to safe from_utf8 forwarding error
#393
Labels
Milestone
Comments
hashedone
added
enhancement
|
If my search is correct then I think there are no |
|
To close with |
|
Closing this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Discussion about this was part of previous PR: confio/tfi#46 (comment)
TL;DR:
Overhead of verifying utf8 strings if very long, as it is
O(str.len()), and we are typically operating on very short strings. Comparing to another overheads we introduce for sanity checks it is close to zero cost. The problem is, that if for any reason (not only attack, but also bugs) string assumed to be utf8 encoded ends up not to be, it usinguncheckedvariant is not introducing crash - it introduces UB, and in worst case it might be exploitable. It doesn't make sense to abandon all safety guarantees of Rust just to avoid quick string scan. Also besides of being safest, the safe version is actually shorter, and doesn't involveunsafeblock which is messy and always involves second thoughts while reading (or at least should).The text was updated successfully, but these errors were encountered: