cc

cargo

A build-time dependency for Cargo build scripts to assist in invoking the native C compiler to compile native C code into a static archive to be linked into Rust code.

Audits

Patrick Elsen 2026-06-01

cc@1.2.63 · 2 findings

Audit of cc 1.2.63, a Cargo build-time helper that orchestrates native C/C++/CUDA/assembly compilation. All process spawning is argv-form with no shell, writes are confined to OUT_DIR, environment access goes through a clippy-enforced cache-aware helper, and the small unsafe surface is documented and minimal. No crypto, network, or install/build-time code execution. Two low-severity quality findings on unwrap/expect panics over environment inputs and a non-CSPRNG tempfile name.

concurrency-documented, concurrency-impl-correct, concurrency-impl-documented, concurrency-impl-safe, concurrency-impl-tested, concurrency-safe, environment-safe, exec-safe, filesystem-safe, has-binaries, has-build-exec, has-fuzz-tests, has-install-exec, has-integration-tests, has-property-tests, has-unit-tests, impl-algorithm, impl-concurrency, impl-crypto, impl-datastructure, impl-interpreter, impl-jit, impl-parser, impl-protocol, is-benign, parser-impl-correct, parser-impl-safe, parser-impl-tested, unsafe-documented, unsafe-minimal, unsafe-safe, unsafe-tested, uses-concurrency, uses-crypto, uses-environment, uses-exec, uses-filesystem, uses-interpreter, uses-jit, uses-network, uses-unsafe

Patrick Elsen 2026-05-27

cc@1.2.62 · 1 finding

cc 1.2.62 is a build-time C/C++ compiler driver used by most -sys crates. All subprocess invocations use argv form (no shell), writes are confined to OUT_DIR, environment variables are documented and tracked for Cargo rebuild detection, and 19 unsafe blocks were read and found sound. One low-severity quality finding: most unsafe blocks lack canonical // SAFETY: comments.

concurrency-documented, concurrency-safe, environment-safe, exec-safe, filesystem-safe, has-binaries, has-build-exec, has-fuzz-tests, has-install-exec, has-integration-tests, has-property-tests, has-unit-tests, impl-algorithm, impl-concurrency, impl-crypto, impl-datastructure, impl-interpreter, impl-jit, impl-parser, impl-protocol, is-benign, parser-impl-correct, parser-impl-safe, parser-impl-tested, unsafe-documented, unsafe-minimal, unsafe-safe, unsafe-tested, uses-concurrency, uses-crypto, uses-environment, uses-exec, uses-filesystem, uses-interpreter, uses-jit, uses-network, uses-unsafe