lzo 0.1.1

Safe, dependency-free, no_std pure-Rust LZO1X decompressor — bounds-checked and fuzz-hardened for reading untrusted lzo1x_1 / lzo1x_999 streams.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  CARGO_TERM_COLOR: always
  CARGO_INCREMENTAL: "0"
  RUSTFLAGS: -Dwarnings

jobs:
  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
        with:
          components: rustfmt
      - run: cargo fmt --check

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
        with:
          components: clippy
      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - run: cargo clippy --all-targets -- -D warnings
      # The lean `no_std` build (no `alloc` convenience) must stay warning-clean.
      - run: cargo clippy --all-targets --no-default-features -- -D warnings

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - run: cargo test
      - run: cargo test --no-default-features

  deny:
    name: Cargo Deny
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15

  msrv:
    name: MSRV (1.85)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@c56a35af9328d0bc581dc86c05e58f97f7c38a0e # 1.85
      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - run: cargo test
      - run: cargo build --no-default-features

  fuzz-check:
    name: Fuzz (build check)
    runs-on: ubuntu-latest
    # The workflow-wide RUSTFLAGS=-Dwarnings must NOT leak into the nightly fuzz
    # build (nightly warns more freely) or cargo-fuzz's own build.
    env:
      RUSTFLAGS: ""
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # cargo-fuzz needs nightly (-Z sanitizer=address); override the channel on
      # the pinned toolchain action rather than pinning a separate @nightly ref
      # (a SHA-pinned nightly ref leaves the toolchain name empty).
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
        with:
          toolchain: nightly
          components: rust-src
      # Install without --locked: cargo-fuzz's pinned Cargo.lock holds an old
      # rustix whose attributes current nightly rejects.
      - run: cargo install cargo-fuzz
      - run: cargo fuzz build

  secrets:
    name: Secret Scan (gitleaks)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Install gitleaks
        # renovate: datasource=github-releases depName=gitleaks/gitleaks
        run: |
          VERSION=8.30.1
          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz" \
            | tar xz -C /tmp gitleaks
      - name: Run gitleaks
        run: /tmp/gitleaks detect --source .

  coverage:
    name: Coverage (100% lines)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
        with:
          components: llvm-tools-preview
      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - run: cargo install cargo-llvm-cov --locked
      # 100% line coverage: any `DA:<line>,0` record fails the gate.
      - name: Enforce 100% line coverage
        run: |
          cargo llvm-cov --lcov --output-path lcov.info
          if grep -qE '^DA:[0-9]+,0$' lcov.info; then
            echo "::error::uncovered lines:"; grep -nE '^(SF:|DA:[0-9]+,0$)' lcov.info
            exit 1
          fi
          echo "100% line coverage ✓"
      # The whole public API is exercised through the integration tests (tests/),
      # so the e2e suite alone must also reach 100% — no line is reachable only
      # via white-box unit tests.
      - name: Enforce 100% e2e (public-API) coverage
        run: |
          cargo llvm-cov --test roundtrip --test errors --lcov --output-path e2e.info
          if grep -qE '^DA:[0-9]+,0$' e2e.info; then
            echo "::error::e2e leaves public-API lines uncovered:"; grep -nE '^(SF:|DA:[0-9]+,0$)' e2e.info
            exit 1
          fi
          echo "100% e2e coverage ✓"

  geiger:
    name: Unsafe Audit (cargo-geiger)
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - run: cargo install cargo-geiger --locked
      - run: cargo geiger 2>&1 || true