chore: mark ElfLoader::load as unsafe

[toku-sa-n]

This method assumes that the memory is allocated by ElfLoader::allocate, but the compiler can't ensure it. Without it, the program may violate memory safety by e.g., modifying memory used by others.

(Sorry, I fixed the branch name.)

[gz]

Hi, thanks for submitting this! Can you walk me through the reasoning or point me to the right documentation when a trait method should be marked unsafe?

I'm struggling a little. I get that allocate() for some/many implementations will allocate memory that is used later by relocate. But I think it's possible to build a safe interface for relocate in many cases too. E.g. you check that the memory is mapped and accessible before you write and otherwise return an error (or panic). A (very silly) but safe implementation for the trait would be our test (https://github.com/gz/rust-elfloader/blob/master/src/lib.rs#L529).

[toku-sa-n]

I get that allocate() for some/many implementations will allocate memory that is used later by relocate.

How can it be done? What information does LoadableHeaders provide for relocation?

By the way, I think ElfLoader::load can be removed. ElfLoader::load is supposed to just copy the values of region to the allocated place. ProgramHeader::flags returns the readability, writeability, and executability of the region, so flags of ElfLoader::load can be omitted.