Subject
libc 0.2.186 is the canonical Rust crate for raw FFI bindings to platform C standard library interfaces and OS syscall ABIs. It exposes extern "C" function declarations, #[repr(C)] struct and union definitions, integer constants, and a small set of inline helpers that implement C preprocessor macros (BPF_CLASS, CMSG_SPACE, FD_SET, SO_EE_OFFENDER, etc.) as Rust functions. The crate covers over 80 target triples spanning Linux, macOS, Windows, FreeBSD, and numerous embedded/RTOS platforms, organized under src/unix/, src/windows/, and per-OS subdirectories. It is a direct dependency of the Rust standard library via the rustc-dep-of-std feature.
Methodology
The published crate contents were compared against the upstream Git repository at the commit recorded in .cargo_vcs_info.json using diff -rq. The build.rs was read in full. src/lib.rs and src/macros.rs were read in full. Representative platform modules (src/unix/linux_like/linux/mod.rs, src/unix/mod.rs, src/unix/linux_like/mod.rs) were sampled for unsafe usage patterns and helper function implementations. Source surveys for network, filesystem, process, environment, crypto, and concurrency usage were conducted with grep. The test files (src/macros.rs #[test] blocks, tests/const_fn.rs) were read in full.
Scope. Due to the size of this crate (133K LOC, 228 unsafe occurrences across per-OS FFI declarations and inline helpers), the following claims were not evaluated and are left unasserted; they must not be read as either satisfied or violated: unsafe-safe, unsafe-documented, unsafe-minimal, unsafe-tested. This audit verifies supply-chain integrity (VCS byte-equivalence), the capability surface (uses-*), build/install-time execution, and dependency enumeration.
Results
The diff against VCS shows only a single difference: Cargo.toml (cargo normalization). All source files are byte-for-byte identical to the VCS checkout, justifying the supply-chain integrity check.
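The comparison described under Methodology can be scripted as follows. This is an added example, not the auditor's tooling or code from the libc project; the function names, the status labels and the two directory arguments are assumptions. It goes one step beyond a plain diff -rq: files that exist only in the checkout are ignored, and the packaged Cargo.toml.orig is checked against the repository's Cargo.toml.

```shell
#!/bin/sh
# Added example: check that an unpacked .crate matches a VCS checkout.
# Assumptions: the crate is already unpacked in $1 and the repository is
# already checked out (at the commit printed by vcs_commit) in $2, with $2
# pointing at the crate's own directory inside the repository.

# Print the commit sha that `cargo package` recorded in .cargo_vcs_info.json.
vcs_commit() {
    sed -n 's/.*"sha1"[[:space:]]*:[[:space:]]*"\([0-9a-f]\{1,\}\)".*/\1/p' \
        "$1/.cargo_vcs_info.json"
}

# Print one line per packaged file that is not byte-identical to the checkout.
# Files that exist only in the checkout (CI config, test crates) are expected
# and ignored; a file that exists only in the crate is reported.
crate_vs_vcs() {
    crate_dir=$1
    vcs_dir=$2
    (cd "$crate_dir" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
        rel=${f#./}
        case $rel in
            .cargo_vcs_info.json|.cargo-ok) continue ;;  # written by cargo itself
            Cargo.toml.orig) peer=Cargo.toml ;;          # author's manifest, unmodified
            *) peer=$rel ;;                              # includes normalized Cargo.toml
        esac
        if [ ! -f "$vcs_dir/$peer" ]; then
            echo "ONLY_IN_CRATE $rel"
        elif ! cmp -s "$crate_dir/$rel" "$vcs_dir/$peer"; then
            echo "DIFFERS $rel"
        fi
    done
}
```

For a crate that matches its commit, the only expected output line is DIFFERS Cargo.toml, the manifest that cargo rewrites at publish time.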
No binary artifacts are present in the published crate, justifying has-binaries. No install-time hooks exist, justifying has-install-exec.
The build.rs invokes $RUSTC --version and, when targeting FreeBSD or Emscripten, the host tools freebsd-version and emcc -dumpversion, to detect runtime ABI variants. It reads documented CARGO_CFG_* variables and optional RUST_LIBC_UNSTABLE_* opt-in env vars. All output is confined to cargo:rustc-cfg= and cargo:rustc-check-cfg= directives on stdout; there are no network calls, no filesystem writes, and no side effects outside the Cargo output protocol. This justifies has-build-exec, build-exec-safe, build-exec-no-network, build-exec-no-write-out, build-exec-deterministic, and build-exec-minimal.
The source code consists almost entirely of declarations. The only active code is the inline helpers implemented through the f! and safe_f! macros in src/macros.rs, all of which are straightforward bit-manipulation or pointer-arithmetic expressions (constant shifts, masks, pointer offsets) that correspond directly to C preprocessor macros. No network, filesystem, process, environment, crypto, concurrency, JIT, or interpreter usage was found in any source file, justifying uses-network, uses-filesystem, uses-exec, uses-environment, uses-crypto, uses-concurrency, uses-jit, and uses-interpreter. The crate implements no algorithms, data structures, parsers, protocols, crypto, JIT, or interpreter, justifying all impl-* claims as false. uses-unsafe is justified by 228 occurrences across FFI declarations and inline helpers. is-benign is justified: no obfuscated code, base64 blobs, telemetry, or suspicious network endpoints were found.
Unit tests exist in src/macros.rs (6 tests for c_enum! and offset_of!) and tests/const_fn.rs (compile-time const evaluation check for CMSG_SPACE), justifying has-unit-tests. No integration, fuzz, or property tests were found, justifying has-integration-tests, has-fuzz-tests, and has-property-tests.
No findings were recorded.
Conclusion
libc 0.2.186 is a large but structurally simple crate: declarations, constants, and C-macro equivalents, with one optional build dependency and no runtime I/O. The build script performs version detection only and stays within the Cargo output protocol. The published contents match the VCS commit byte-for-byte (excluding Cargo normalization). The unsafe surface is pervasive but consists of FFI declarations and pointer-arithmetic helpers; it was not exhaustively reviewed under the scoped audit methodology.