Im actually embedding this in place of leveldb, in a project im working, because i just want a compact db file, and not several like leveldb use to do, and giving the benchmarks are saying this is even faster, its a plus..
But i was just worried about the api using void pointers to represent heap state like db, cursor, etc.. im not a security expert but isnt that considered harmful? giving it could be used as a cursor to point to any arbitrary memory address by a black hat? (or that work just if the handle points to a invalid address? in a bug for instance?)
While it is unfortunate they don't use forward-declared structs instead of void pointers, that only means that potential type checking that could otherwise be done by the compiler does not happen, the use of void pointers in and of itself is not a bug, it just can make it more likely that code using the library won't know about bugs until too late.
But i was just worried about the api using void pointers to represent heap state like db, cursor, etc.. im not a security expert but isnt that considered harmful? giving it could be used as a cursor to point to any arbitrary memory address by a black hat? (or that work just if the handle points to a invalid address? in a bug for instance?)