serde_fressian::wasm::from_ptr should be marked unsafe

[ammaraskar]

Hi there, we (Rust group @sslab-gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the serde_fressian::wasm::from_ptr function dereferences a raw pointer provided by the user to deserialize:

serde-fressian/src/wasm/mod.rs

Lines 76 to 80 in 64e829e

	let bytes: &[u8] = unsafe {
	std::slice::from_raw_parts(ptr, len)
	};
	let mut deserializer = de::Deserializer::from_bytes(bytes);
	T::deserialize(&mut deserializer)

This method should probably be marked unsafe so that the user upholds the documented invariant of passing in valid pointers with ownership. Otherwise, this allows a user to cause a memory safety bug using entirely safe Rust code such as the following:

#![forbid(unsafe_code)]

use serde_fressian::wasm::from_ptr;

fn return_raw_pointer() -> *mut u8 {
    let mut array: [u8; 4] = [0x41, 0x42, 0x43, 0x44];
    array.as_mut_ptr()
}

fn main() {
    let raw_ptr = return_raw_pointer();
    let deserialized : i32 = from_ptr(raw_ptr, 4).unwrap();

    println!("{:x}", deserialized);
    assert!(deserialized == 0x41424344)
}

This outputs:

fffff142
thread 'main' panicked at 'assertion failed: deserialized == 0x41424344', src/main.rs:32:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Return code 101