Comment 22 for bug 1993819

I believe there are some minor issues with the report:

> - CVE History
I would recommend taking a look at https://github.com/rust-lang/cargo/security. Rust upstream will publish all the CVE information here.

> - Other vendor, like libc, winapi, rustix, io-lifetimes, URL,
> linux-raw-sys, have network functions but could identify if they
> are used by cargo.
In newer version of Cargo, it also has gitoxide, destined to replace libgit2. This library obviously also connects to the Internet.

> Some usage of "unsafe" method in the main tree and also in vendors. It
> seems necessary to do those kind of operations but also disable rust
> protections that avoids memory leaks out out of bound problems

This is a common misconception of what `unsafe` means. In Rust, `unsafe` only allows you to deference raw pointers and call to other `unsafe` functions (e.g. functions from across the FFI boundary). All the other smart pointers or safe constructs are still under the compiler's supervision.

Out-of-bound (OOB)/double-free/use-after-free (UAF) issues in `unsafe` usually occur outside of Rust territory (may be caused by external functions).

In safe Rust, memory leaks can also occur due to cyclic memory references (when using referenced pointers like `Rc` or `Arc`).

In `unsafe` Rust, assuming semantic soundness is proved for all the `unsafe` blocks, the whole program is still sound. Please see https://dl.acm.org/doi/10.1145/3158154 for more information on how this could be provable.