Also, we have fantastic tools like miri to make sure that any unsafe blocks are actually safe. So you can even install some new guard rails for your unsafe blocks!
You should almost* never use static mut, as it's mostly impossible to use correctly, to the point that there have been discussions about deprecating it (https://github.com/rust-lang/rust/issues/53639). Especially in multithreaded code, which should use atomics/mutexes instead.
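To make the static mut point concrete, here is an added example (not code from the thread, from rand, or from any project mentioned): a static mut counter that needs unsafe at every access and is only sound single-threaded, next to the same state held in a plain static AtomicUsize and a static Mutex, which any thread can touch safely. The names LEGACY_COUNTER, HITS, SEEN and run_concurrent are made up for the illustration.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Mutex;
use std::thread;

// "Before": a static mut. Every access needs an unsafe block, and nothing in
// the type system stops two threads from racing on it, so this function is
// only sound while it is called from one thread at a time.
static mut LEGACY_COUNTER: usize = 0;

fn legacy_increment() -> usize {
    // SAFETY: sound only because no other thread touches LEGACY_COUNTER.
    unsafe {
        LEGACY_COUNTER += 1;
        LEGACY_COUNTER
    }
}

// "After": an ordinary static holding an atomic. No unsafe anywhere, and the
// compiler guarantees there is no data race.
static HITS: AtomicUsize = AtomicUsize::new(0);

// For compound state, a Mutex in a static works the same way
// (Mutex::new has been const since Rust 1.63).
static SEEN: Mutex<Vec<u64>> = Mutex::new(Vec::new());

fn record_hit(id: u64) {
    HITS.fetch_add(1, Ordering::Relaxed);
    SEEN.lock().unwrap().push(id);
}

/// Reset the shared state, then spawn `threads` threads that each record
/// `per_thread` hits. Returns (total hits, number of ids recorded); the two
/// always agree because both structures are race-free.
fn run_concurrent(threads: u64, per_thread: u64) -> (usize, usize) {
    HITS.store(0, Ordering::SeqCst);
    SEEN.lock().unwrap().clear();

    let handles: Vec<_> = (0..threads)
        .map(|t| {
            thread::spawn(move || {
                for i in 0..per_thread {
                    record_hit(t * per_thread + i);
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    (HITS.load(Ordering::SeqCst), SEEN.lock().unwrap().len())
}

fn main() {
    println!("legacy counter (single-threaded only): {}", legacy_increment());
    let (hits, seen) = run_concurrent(8, 1000);
    println!("hits = {hits}, ids recorded = {seen}");
}
```

Relaxed ordering is enough for a counter that is only read after join(); pick Acquire/Release or SeqCst when the atomic is used to publish other data to another thread.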
The most "virtuous"/desirable statement in this topic is probably the "100% safe code now - while being faster than the C version!" on the rust-secure-code/safety-dance entry for miniz_oxide.
You can often achieve this without any unsafe by putting an assert!() on the length before the hot loop. For example, I got rid of some unsafe in rand that way.
Alternatively, you can round up the array length to the nearest power of 2 and use cheap bitmasking instead of branching bounds checks. If it goes wrong, it will access the wrong element but will not result in any code execution vulnerabilities. Here's an example of this in zune-jpeg.
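The two previous comments describe two ways to get bounds checks out of a hot loop without unsafe. Here is an added example of both (not code from the thread, from rand or from zune-jpeg): a per-block XOR where a single assert_eq! on the key length lets the optimizer drop the per-byte check on key[i], and an LZ77-style history window whose fixed power-of-two length makes idx & MASK provably in range, so a bad back-reference distance yields a stale byte rather than an out-of-bounds access. BLOCK, Window, Op and lz_decode are illustrative names, not anything from those projects.

```rust
/// Bounds check hoisted by one assert. `key` is reused across every block of
/// `data`; the assert tells the optimizer key.len() == BLOCK, so with
/// chunk.len() <= BLOCK the per-byte check on key[i] is provably redundant
/// and removed. A caller passing a wrong-sized key gets a panic up front,
/// never an out-of-bounds read.
const BLOCK: usize = 16;

fn xor_blocks_hoisted(data: &mut [u8], key: &[u8]) {
    assert_eq!(key.len(), BLOCK, "key must be exactly one block");
    for chunk in data.chunks_mut(BLOCK) {
        // i < chunk.len() <= BLOCK == key.len(): key[i] is always in range.
        for (i, byte) in chunk.iter_mut().enumerate() {
            *byte ^= key[i];
        }
    }
}

/// Power-of-two history window with masked indexing. `buf` has a fixed
/// power-of-two length, so `idx & MASK` is always a valid index and the
/// compiler emits no bounds check. A bogus distance wraps around to a stale
/// slot: wrong output, not a memory-safety bug.
const WINDOW_BITS: usize = 10;
const WINDOW: usize = 1 << WINDOW_BITS;
const MASK: usize = WINDOW - 1;

struct Window {
    buf: [u8; WINDOW],
    pos: usize, // bytes written so far; only the low WINDOW_BITS bits index buf
}

impl Window {
    fn new() -> Self {
        Window { buf: [0; WINDOW], pos: 0 }
    }

    fn push(&mut self, b: u8) {
        self.buf[self.pos & MASK] = b;
        self.pos = self.pos.wrapping_add(1);
    }

    /// Byte written `dist` positions ago (dist >= 1). Distances beyond the
    /// window wrap instead of panicking.
    fn back(&self, dist: usize) -> u8 {
        self.buf[self.pos.wrapping_sub(dist) & MASK]
    }
}

/// Tiny LZ77-style stream: Lit(b) emits b, Copy{dist,len} repeats bytes from
/// `dist` back. Overlapping copies (dist < len) work byte by byte.
enum Op {
    Lit(u8),
    Copy { dist: usize, len: usize },
}

fn lz_decode(ops: &[Op]) -> Vec<u8> {
    let mut w = Window::new();
    let mut out = Vec::new();
    for op in ops {
        match *op {
            Op::Lit(b) => {
                w.push(b);
                out.push(b);
            }
            Op::Copy { dist, len } => {
                for _ in 0..len {
                    let b = w.back(dist); // masked, never out of bounds
                    w.push(b);
                    out.push(b);
                }
            }
        }
    }
    out
}

fn main() {
    // Constructed sample input.
    let mut data = *b"attack at dawn, attack at dawn!!";
    let key: Vec<u8> = (0..BLOCK as u8).collect();
    xor_blocks_hoisted(&mut data, &key);
    xor_blocks_hoisted(&mut data, &key); // XOR twice restores the plaintext
    assert_eq!(&data[..], b"attack at dawn, attack at dawn!!");

    let ops = [Op::Lit(b'a'), Op::Lit(b'b'), Op::Copy { dist: 2, len: 5 }];
    println!("{}", String::from_utf8(lz_decode(&ops)).unwrap()); // abababa
}
```

Whether a given check is really gone is something to confirm in the generated assembly (cargo-show-asm or the Godbolt compiler explorer) rather than assume; the assert and the mask are hints to the optimizer, and the safety guarantee holds either way.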