Comment by rafram
> It's relatively new but Rust certainly calms security fears.
https://github.com/search?q=repo%3Alibjxl%2Fjxl-rs%20unsafe&...
So, I had no reason to use "unsafe" for a very long time, and had developed a bit of an aversion to it. Then I actually needed to use it, first to interface with some C code, and then to deal with a device's mmap'd memory as raw `&[u8]`s.
And my discovery (which basically anyone could have told me beforehand) was that ... "unsafe" rust is not really that different from regular rust. It lets you dereference pointers (which is not a particularly unusual operation in many other languages) and call some functions that need extra care. Usually the presence of "unsafe" really just means that you needed to interface with foreign functions or hardware or something.
This is all to say: implying that the mere presence of an "unsafe" keyword is a sign that code is insecure is very, very silly.
That looks pretty good to me. Every `unsafe` function has clearly stated safety requirements, and every `unsafe` block justifies why the requirements are met.
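An added example of the pattern both comments describe (viewing memory you do not own, such as an mmap'd device window, as a raw `&[u8]`, with the safety contract stated on the `unsafe fn` and justified at each `unsafe` block). This is illustration code written for this page, not code from jxl-rs or from either commenter; the `RawRegion` type, its methods and the byte buffer standing in for device memory are all constructed for the example.

```rust
use std::marker::PhantomData;
use std::slice;

/// A window onto memory handed to us from outside Rust's control, for
/// example a region mmap'd from a device. Hypothetical type for this
/// example. The `PhantomData` ties the view to the lifetime `'a` of
/// whatever owns the memory so the slice cannot outlive it.
pub struct RawRegion<'a> {
    ptr: *const u8,
    len: usize,
    _owner: PhantomData<&'a [u8]>,
}

impl<'a> RawRegion<'a> {
    /// Wrap a raw pointer/length pair obtained from FFI or an mmap call.
    ///
    /// # Safety
    /// `ptr` must point to `len` initialised, readable bytes that stay
    /// valid for `'a`, and nothing may write to them while this region
    /// exists (the `&[u8]` views below would otherwise alias mutable
    /// memory, which is undefined behaviour). `len` must not exceed
    /// `isize::MAX`.
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> RawRegion<'a> {
        RawRegion { ptr, len, _owner: PhantomData }
    }

    /// Safe view of the whole region as a byte slice.
    pub fn as_bytes(&self) -> &[u8] {
        if self.len == 0 {
            // `slice::from_raw_parts` requires a non-null, aligned pointer
            // even for an empty slice, and a C API may well hand us NULL
            // with length 0, so the empty case never touches `ptr`.
            return &[];
        }
        // SAFETY: the caller of `from_raw_parts` guaranteed that `ptr`
        // addresses `len` initialised, readable, unaliased bytes that live
        // at least as long as `'a`, and that `len <= isize::MAX`; those are
        // exactly the preconditions of `slice::from_raw_parts`.
        unsafe { slice::from_raw_parts(self.ptr, self.len) }
    }

    /// Bounds-checked little-endian u32 read. This is ordinary safe code:
    /// the only `unsafe` on the path is inside `as_bytes`, so an offset
    /// past the end, or one whose `offset + 4` would overflow, yields
    /// `None` instead of a wild pointer dereference.
    pub fn read_u32_le(&self, offset: usize) -> Option<u32> {
        let end = offset.checked_add(4)?;
        let bytes = self.as_bytes().get(offset..end)?;
        Some(u32::from_le_bytes(bytes.try_into().unwrap()))
    }
}

/// Runs the region over a constructed byte buffer that stands in for device
/// memory and returns (length, read at 0, read at 4) for inspection.
pub fn demo() -> (usize, Option<u32>, Option<u32>) {
    // Constructed sample input: six bytes, the first four spelling
    // 0xDEADBEEF in little-endian order.
    let backing: Vec<u8> = vec![0xEF, 0xBE, 0xAD, 0xDE, 0x01, 0x02];
    // SAFETY: `backing` is a live, initialised Vec<u8> that is neither
    // mutated nor dropped while `region` is in use, and its length is far
    // below isize::MAX.
    let region = unsafe { RawRegion::from_raw_parts(backing.as_ptr(), backing.len()) };
    let len = region.as_bytes().len();
    let first = region.read_u32_le(0); // Some(0xDEADBEEF)
    let oob = region.read_u32_le(4);   // None: only two bytes remain
    (len, first, oob)
}

fn main() {
    let (len, first, oob) = demo();
    println!("len={} first={:?} oob={:?}", len, first, oob);
}
```

The point of the shape is the one the second comment makes: the `unsafe fn` is the only place a caller has to reason about, its `# Safety` section says what must hold, and the single `unsafe` block that dereferences the pointer states why those requirements are met, so every caller of `read_u32_le` gets ordinary bounds-checked Rust.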