From ee1814444515d3bc3b35ba8708ea2a95d67dfca1 Mon Sep 17 00:00:00 2001 From: Yannis Guyon Date: Thu, 11 Apr 2024 16:52:30 +0200 Subject: [PATCH] Bubble unsafe up from Pixels::from_raw_pointer() Also tag Decoder::set_io_raw() as unsafe. Add fn safety section to comply with https://rust-lang.github.io/rust-clippy/master/index.html#/missing_safety_doc --- src/capi/decoder.rs | 2 +- src/capi/io.rs | 2 +- src/capi/reformat.rs | 10 +++++----- src/codecs/dav1d.rs | 17 +++++++++-------- src/decoder/mod.rs | 8 +++++--- src/internal_utils/io.rs | 2 +- src/internal_utils/pixels.rs | 2 +- src/reformat/alpha.rs | 6 ++---- tests/decoder_tests.rs | 8 +++++--- 9 files changed, 30 insertions(+), 27 deletions(-) diff --git a/src/capi/decoder.rs b/src/capi/decoder.rs index 9101382..0f9e463 100644 --- a/src/capi/decoder.rs +++ b/src/capi/decoder.rs @@ -125,7 +125,7 @@ pub unsafe extern "C" fn crabby_avifDecoderSetIOMemory( size: usize, ) -> avifResult { let rust_decoder = unsafe { &mut (*decoder).rust_decoder }; - to_avifResult(&rust_decoder.set_io_raw(data, size)) + to_avifResult(unsafe { &rust_decoder.set_io_raw(data, size) }) } #[no_mangle] diff --git a/src/capi/io.rs b/src/capi/io.rs index 3d29c74..5ccdc85 100644 --- a/src/capi/io.rs +++ b/src/capi/io.rs @@ -225,7 +225,7 @@ pub unsafe extern "C" fn crabby_avifIOCreateMemoryReader( size: usize, ) -> *mut avifIO { let cio = Box::new(avifCIOWrapper { - io: Box::new(DecoderRawIO::create(data, size)), + io: Box::new(unsafe { DecoderRawIO::create(data, size) }), buf: Vec::new(), }); let io = Box::new(avifIO { diff --git a/src/capi/reformat.rs b/src/capi/reformat.rs index 7837604..7afeba9 100644 --- a/src/capi/reformat.rs +++ b/src/capi/reformat.rs @@ -54,7 +54,7 @@ impl From<*mut avifRGBImage> for rgb::Image { premultiply_alpha: rgb.alpha_premultiplied, is_float: rgb.is_float, max_threads: rgb.max_threads, - pixels: Some(Pixels::from_raw_pointer(rgb.pixels, rgb.depth)), + pixels: Some(unsafe { Pixels::from_raw_pointer(rgb.pixels, rgb.depth) }), row_bytes: rgb.row_bytes, }; let format = match (rgb.format, rgb.ignore_alpha) { @@ -87,10 +87,10 @@ impl From<*const avifImage> for image::Image { alpha_present: !image.alphaPlane.is_null(), alpha_premultiplied: image.alphaPremultiplied == AVIF_TRUE, planes: [ - Some(Pixels::from_raw_pointer(image.yuvPlanes[0], image.depth)), - Some(Pixels::from_raw_pointer(image.yuvPlanes[1], image.depth)), - Some(Pixels::from_raw_pointer(image.yuvPlanes[2], image.depth)), - Some(Pixels::from_raw_pointer(image.alphaPlane, image.depth)), + Some(unsafe { Pixels::from_raw_pointer(image.yuvPlanes[0], image.depth) }), + Some(unsafe { Pixels::from_raw_pointer(image.yuvPlanes[1], image.depth) }), + Some(unsafe { Pixels::from_raw_pointer(image.yuvPlanes[2], image.depth) }), + Some(unsafe { Pixels::from_raw_pointer(image.alphaPlane, image.depth) }), ], row_bytes: [ image.yuvRowBytes[0], diff --git a/src/codecs/dav1d.rs b/src/codecs/dav1d.rs index b4799e9..401bb62 100644 --- a/src/codecs/dav1d.rs +++ b/src/codecs/dav1d.rs @@ -150,10 +150,9 @@ impl Decoder for Dav1d { image.width = dav1d_picture.p.w as u32; image.height = dav1d_picture.p.h as u32; image.depth = dav1d_picture.p.bpc as u8; - image.planes[3] = Some(Pixels::from_raw_pointer( - dav1d_picture.data[0] as *mut u8, - image.depth as u32, - )); + image.planes[3] = Some(unsafe { + Pixels::from_raw_pointer(dav1d_picture.data[0] as *mut u8, image.depth as u32) + }); image.row_bytes[3] = dav1d_picture.stride[0] as u32; image.image_owns_planes[3] = false; let seq_hdr = unsafe { &(*dav1d_picture.seq_hdr) }; @@ -180,10 +179,12 @@ impl Decoder for Dav1d { image.matrix_coefficients = (seq_hdr.mtrx as u16).into(); for plane in 0usize..image.yuv_format.plane_count() { - image.planes[plane] = Some(Pixels::from_raw_pointer( - dav1d_picture.data[plane] as *mut u8, - image.depth as u32, - )); + image.planes[plane] = Some(unsafe { + Pixels::from_raw_pointer( + dav1d_picture.data[plane] as *mut u8, + image.depth as u32, + ) + }); let stride_index = if plane == 0 { 0 } else { 1 }; image.row_bytes[plane] = dav1d_picture.stride[stride_index] as u32; image.image_owns_planes[plane] = false; diff --git a/src/decoder/mod.rs b/src/decoder/mod.rs index 15050d3..c856b25 100644 --- a/src/decoder/mod.rs +++ b/src/decoder/mod.rs @@ -302,9 +302,11 @@ impl Decoder { self.parse_state = ParseState::None; } - // This has an unsafe block and is intended for use only from the C API. - pub fn set_io_raw(&mut self, data: *const u8, size: usize) -> AvifResult<()> { - self.io = Some(Box::new(DecoderRawIO::create(data, size))); + /// # Safety + /// + /// This has an unsafe block and is intended for use only from the C API. + pub unsafe fn set_io_raw(&mut self, data: *const u8, size: usize) -> AvifResult<()> { + self.io = Some(Box::new(unsafe { DecoderRawIO::create(data, size) })); self.parse_state = ParseState::None; Ok(()) } diff --git a/src/internal_utils/io.rs b/src/internal_utils/io.rs index e144098..3c13c94 100644 --- a/src/internal_utils/io.rs +++ b/src/internal_utils/io.rs @@ -67,7 +67,7 @@ pub struct DecoderRawIO<'a> { } impl DecoderRawIO<'_> { - pub fn create(data: *const u8, size: usize) -> Self { + pub unsafe fn create(data: *const u8, size: usize) -> Self { Self { data: unsafe { std::slice::from_raw_parts(data, size) }, } diff --git a/src/internal_utils/pixels.rs b/src/internal_utils/pixels.rs index e3198ae..81e3340 100644 --- a/src/internal_utils/pixels.rs +++ b/src/internal_utils/pixels.rs @@ -13,7 +13,7 @@ pub enum Pixels { } impl Pixels { - pub fn from_raw_pointer(ptr: *mut u8, depth: u32) -> Self { + pub unsafe fn from_raw_pointer(ptr: *mut u8, depth: u32) -> Self { if depth > 8 { Pixels::Pointer16(ptr as *mut u16) } else { diff --git a/src/reformat/alpha.rs b/src/reformat/alpha.rs index f7e7bed..49223d8 100644 --- a/src/reformat/alpha.rs +++ b/src/reformat/alpha.rs @@ -247,10 +247,8 @@ mod tests { buffer.reserve_exact(buffer_size); buffer.resize(buffer_size, 0); // Use a pointer to mimic C API calls. - rgb.pixels = Some(Pixels::from_raw_pointer( - buffer.as_mut_ptr(), - rgb.depth as u32, - )); + rgb.pixels = + Some(unsafe { Pixels::from_raw_pointer(buffer.as_mut_ptr(), rgb.depth as u32) }); rgb.row_bytes = width * 4 * pixel_size; } else { rgb.allocate()?; diff --git a/tests/decoder_tests.rs b/tests/decoder_tests.rs index 34accb3..511ce25 100644 --- a/tests/decoder_tests.rs +++ b/tests/decoder_tests.rs @@ -333,9 +333,11 @@ fn raw_io() { let data = std::fs::read(get_test_file("colors-animated-8bpc.avif")).expect("Unable to read file"); let mut decoder = decoder::Decoder::default(); - let _ = decoder - .set_io_raw(data.as_ptr(), data.len()) - .expect("Failed to set IO"); + unsafe { + let _ = decoder + .set_io_raw(data.as_ptr(), data.len()) + .expect("Failed to set IO"); + } assert!(decoder.parse().is_ok()); assert_eq!(decoder.image_count, 5); if !HAS_DECODER {