From 0a90d2d2336a3d48ac957e8bf97337436db7bda7 Mon Sep 17 00:00:00 2001
From: ltdk <usr@ltdk.xyz>
Date: Tue, 12 Mar 2024 17:19:58 -0400
Subject: [PATCH] Reduce unsafe code, use more NonNull APIs per @cuviper review

---
 library/core/src/ffi/c_str.rs | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/library/core/src/ffi/c_str.rs b/library/core/src/ffi/c_str.rs
index 1dafc8c1f868c..f2e81e9bb9a18 100644
--- a/library/core/src/ffi/c_str.rs
+++ b/library/core/src/ffi/c_str.rs
@@ -507,6 +507,13 @@ impl CStr {
         self.inner.as_ptr()
     }
 
+    /// We could eventually expose this publicly, if we wanted.
+    #[inline]
+    #[must_use]
+    const fn as_non_null_ptr(&self) -> NonNull<c_char> {
+        NonNull::from(&self.inner).as_non_null_ptr()
+    }
+
     /// Returns the length of `self`. Like C's `strlen`, this does not include the nul terminator.
     ///
     /// > **Note**: This method is currently implemented as a constant-time
@@ -776,12 +783,7 @@ pub struct Bytes<'a> {
 impl<'a> Bytes<'a> {
     #[inline]
     fn new(s: &'a CStr) -> Self {
-        Self {
-            // SAFETY: Because we have a valid reference to the string, we know
-            // that its pointer is non-null.
-            ptr: unsafe { NonNull::new_unchecked(s.as_ptr() as *const u8 as *mut u8) },
-            phantom: PhantomData,
-        }
+        Self { ptr: s.as_non_null_ptr().cast(), phantom: PhantomData }
     }
 
     #[inline]
@@ -789,7 +791,7 @@ impl<'a> Bytes<'a> {
         // SAFETY: We uphold that the pointer is always valid to dereference
         // by starting with a valid C string and then never incrementing beyond
         // the nul terminator.
-        unsafe { *self.ptr.as_ref() == 0 }
+        unsafe { self.ptr.read() == 0 }
     }
 }
 
@@ -805,14 +807,12 @@ impl Iterator for Bytes<'_> {
         // the pointer is non-null and valid. This lets us safely dereference
         // it and assume that adding 1 will create a new, non-null, valid
         // pointer.
-        unsafe {
-            let ret = *self.ptr.as_ref();
-            if ret == 0 {
-                None
-            } else {
-                self.ptr = NonNull::new_unchecked(self.ptr.as_ptr().offset(1));
-                Some(ret)
-            }
+        let ret = unsafe { self.ptr.read() };
+        if ret == 0 {
+            None
+        } else {
+            self.ptr = self.ptr.offset(1);
+            Some(ret)
         }
     }