Mark `MutBuf::mut_buf` as unsafe

`MutBuf::mut_buf` allows access to uninitialized memory.

Mark `MutBuf::mut_buf` as unsafe
b4abd143 · Carl Lerche · 296cac26 · b4abd143 · b4abd143 · b4abd143
Commit b4abd143 authored 9 years ago by Carl Lerche
--- a/src/buf/byte.rs
+++ b/src/buf/byte.rs
@@ -321,7 +321,7 @@ impl MutBuf for MutByteBuf {
        self.buf.advance(cnt)
    }

-    fn mut_bytes<'a>(&'a mut self) -> &'a mut [u8] {
+    unsafe fn mut_bytes<'a>(&'a mut self) -> &'a mut [u8] {
        let pos = self.buf.pos();
        let lim = self.buf.lim();
        &mut self.buf.mem.bytes_mut()[pos..lim]

--- a/src/buf/mod.rs
+++ b/src/buf/mod.rs
@@ -102,7 +102,9 @@ pub trait MutBuf : Sized {

    /// Returns a mutable slice starting at the current MutBuf position and of
    /// length between 0 and `MutBuf::remaining()`.
-    fn mut_bytes<'a>(&'a mut self) -> &'a mut [u8];
+    ///
+    /// The returned byte slice may represent uninitialized memory.
+    unsafe fn mut_bytes<'a>(&'a mut self) -> &'a mut [u8];

    /// Write bytes from the given slice into the `MutBuf` and advance the
    /// cursor by the number of bytes written.
@@ -268,7 +270,7 @@ impl<'a, R: io::Read+'a> Source for &'a mut R {
        let mut cnt = 0;

        while buf.has_remaining() {
-            let i = try!(self.read(buf.mut_bytes()));
+            let i = try!(self.read(unsafe { buf.mut_bytes() }));

            if i == 0 {
                break;
@@ -349,7 +351,7 @@ impl MutBuf for Vec<u8> {
        }
    }

-    fn mut_bytes(&mut self) -> &mut [u8] {
+    unsafe fn mut_bytes(&mut self) -> &mut [u8] {
        use std::slice;

        if self.capacity() == self.len() {
@@ -359,10 +361,8 @@ impl MutBuf for Vec<u8> {
        let cap = self.capacity();
        let len = self.len();

-        unsafe {
-            let ptr = self.as_mut_ptr();
-            &mut slice::from_raw_parts_mut(ptr, cap)[len..]
-        }
+        let ptr = self.as_mut_ptr();
+        &mut slice::from_raw_parts_mut(ptr, cap)[len..]
    }
 }


--- a/src/buf/ring.rs
+++ b/src/buf/ring.rs
@@ -196,7 +196,7 @@ impl MutBuf for RingBuf {
        self.advance_writer(cnt)
    }

-    fn mut_bytes(&mut self) -> &mut [u8] {
+    unsafe fn mut_bytes(&mut self) -> &mut [u8] {
        if self.cap == 0 {
            return self.ptr.bytes_mut();
        }

--- a/src/buf/slice.rs
+++ b/src/buf/slice.rs
@@ -53,7 +53,7 @@ impl<'a> MutBuf for MutSliceBuf<'a> {
        self.pos += cnt;
    }

-    fn mut_bytes<'b>(&'b mut self) -> &'b mut [u8] {
+    unsafe fn mut_bytes<'b>(&'b mut self) -> &'b mut [u8] {
        &mut self.bytes[self.pos..]
    }
 }
--- a/src/str/bytes.rs
+++ b/src/str/bytes.rs
@@ -208,17 +208,15 @@ impl<'a> Source for &'a Bytes {
        while src.has_remaining() && dst.has_remaining() {
            let l;

-            {
+            unsafe {
                let s = src.bytes();
                let d = dst.mut_bytes();
                l = cmp::min(s.len(), d.len());

-                unsafe {
-                    ptr::copy_nonoverlapping(
-                        s.as_ptr(),
-                        d.as_mut_ptr(),
-                        l);
-                }
+                ptr::copy_nonoverlapping(
+                    s.as_ptr(),
+                    d.as_mut_ptr(),
+                    l);
            }

            src.advance(l);

--- a/test/test_buf.rs
+++ b/test/test_buf.rs
@@ -30,7 +30,10 @@ pub fn test_vec_as_mut_buf() {
    let mut buf = vec![];

    assert_eq!(buf.remaining(), usize::MAX);
-    assert_eq!(buf.mut_bytes().len(), 64);
+
+    unsafe {
+        assert_eq!(buf.mut_bytes().len(), 64);
+    }

    buf.write(&b"zomg"[..]).unwrap();