V OpenVet
cargo / syn

syn

cargo

Parser for Rust source code

2 audits github.com/dtolnay/syn

Audits

PE Patrick Elsen 2026-05-28

syn@2.0.117 · 1 finding

syn 2.0.117 is a #![no_std] recursive-descent parser for Rust source, used by most proc-macros. Its unsafe is concentrated in one heavily documented module, the Cursor over a flat TokenBuffer, whose offset encoding keeps pointer arithmetic in-bounds. One low-severity finding: unbounded parser recursion can stack-overflow at compile time on adversarially nested input.

datastructure-impl-boundsdatastructure-impl-correctdatastructure-impl-safedatastructure-impl-testedhas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-safeparser-impl-testedunsafe-documentedunsafe-minimalunsafe-safeunsafe-testeduses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe
PE Patrick Elsen 2026-05-27

syn@1.0.109 · 2 findings

syn 1.0.109 is a mature Rust source-code parser with narrow runtime surface (no I/O, no concurrency, no crypto) and concentrated, well-motivated unsafe exercised under miri on upstream CI. Two low-severity quality findings, both documentation gaps; safe to deploy.

build-exec-deterministicbuild-exec-minimalbuild-exec-no-networkbuild-exec-no-write-outbuild-exec-safeconcurrency-impl-correctconcurrency-impl-documentedconcurrency-impl-safeconcurrency-impl-testeddatastructure-impl-boundsdatastructure-impl-correctdatastructure-impl-safedatastructure-impl-testedenvironment-safehas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-correctparser-impl-safeparser-impl-testedunsafe-documentedunsafe-minimalunsafe-safeunsafe-testeduses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe