Category: Coding Mistakes
The Transmutable trait is missing unsafe due to memory safety requirements
High Impact
High Severity
Medium Likelihood
Description
The Transmutable trait in interface has memory safety implications in its implementation. Types that implement the trait are instructed to ensure that casts from raw bytes are safe.

/// Marker trait for types that can be cast from a raw pointer.
///
/// It is up to the type implementing this trait to guarantee that the cast is
/// safe, i.e., the fields of the type are well aligned and there are no padding
/// bytes.
pub trait Transmutable {
    /// The length of the type.
    ///
    /// This must be equal to the size of each individual field in the type.
    const LEN: usize;
}

This requires understanding the alignment of the underlying type, ensuring that the type does not introduce padding, that arbitrary byte representations are legal, and so on. Given the memory safety requirements of this trait, the trait should be marked unsafe.
Impact
Undefined behavior can result from an incorrect implementation of Transmutable, despite the trait not being an unsafe trait.
Recommendations
Mark Transmutable as unsafe.
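The recommended form as an added sketch (not code from the audited project): with `unsafe trait`, each implementor must write `unsafe impl` and vouch for the layout that the cast relies on. The `load` helper and the `Header` and `Padded` types are hypothetical, constructed for illustration.

```rust
use core::mem::{align_of, size_of};

/// Recommended form: `unsafe` makes every implementor vouch for the layout.
/// With a safe trait, `impl Transmutable for Padded` would need no `unsafe`.
pub unsafe trait Transmutable {
    const LEN: usize;
}

/// Hypothetical cast helper (an assumption, not the audited project's API).
pub fn load<T: Transmutable>(bytes: &[u8]) -> Option<&T> {
    let aligned = (bytes.as_ptr() as usize) % align_of::<T>() == 0;
    if bytes.len() != T::LEN || T::LEN != size_of::<T>() || !aligned {
        return None;
    }
    // SAFETY: length and alignment are checked above; the `unsafe impl`
    // promises no padding and that every bit pattern is a valid `T`.
    Some(unsafe { &*(bytes.as_ptr() as *const T) })
}

/// Constructed sample type: alignment 1, no padding, any bytes are valid.
#[repr(C)]
pub struct Header {
    pub tag: u8,
    pub amount: [u8; 8],
}

// SAFETY: `repr(C)`, only `u8` and `[u8; N]` fields, LEN checked below.
unsafe impl Transmutable for Header {
    const LEN: usize = 9;
}
const _: () = assert!(size_of::<Header>() == Header::LEN);

/// Constructed type that must NOT implement the trait: padded, not every byte is a valid `bool`.
#[repr(C)]
pub struct Padded {
    pub flag: bool,
    pub amount: u64,
}

/// Field sizes sum to 9, but the real size is larger: padding exists.
pub fn padded_has_padding() -> bool {
    size_of::<bool>() + size_of::<u64>() != size_of::<Padded>()
}

fn main() {
    let raw = [7u8, 1, 0, 0, 0, 0, 0, 0, 0]; // constructed sample bytes
    let h = load::<Header>(&raw).expect("layout checks pass");
    println!("tag={} amount={}", h.tag, u64::from_le_bytes(h.amount));
}
```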