mvwgetstr, getstr, mvwinnstr, and wgetstr can produce strings that are invalid UTF-8

[thomcc]

This is a memory safety problem, since many functions in the rust stdlib are UB if you have a non-utf8 string.

These functions should be changed to ensure that only valid utf8 is input.

See rustsec/advisory-db#106, although it's unclear if there's a way for this to be exploitable (unlike the others).

[jeaye]

Again, same point as before. ncurses-rs does not do any processing on top of just handing data to/from ncurses.

However, I appreciate your intention and I don't want to leave people using ncurses-rs thinking (and apparently knowing nothing about ncurses) that this could possibly be a safe library, so I've added the following: a52dbb3

I would be open to a PR marking all of the appropriate fns unsafe, but not any more PRs or issues around making ncurses-rs do anything more than its purpose. There are safer TUI libraries for Rust; hell, there are far safer TUI libraries for C, even.

[dpc]

This is note is most certainly not sufficient. Noone is going to read and find it.

All the functions should be marked as unsafe. That's what the language mandates.