diff --git a/src/fonts/glyph_ranges.rs b/src/fonts/glyph_ranges.rs index 5149f97..4ba7c45 100644 --- a/src/fonts/glyph_ranges.rs +++ b/src/fonts/glyph_ranges.rs @@ -114,6 +114,10 @@ impl FontGlyphRanges { /// Creates a glyph range from a static slice without checking its validity. /// /// See [`FontRangeGlyph::from_slice`] for more information. + /// + /// # Safety + /// + /// It is up to the caller to guarantee the slice contents are valid. pub unsafe fn from_slice_unchecked(slice: &'static [u16]) -> FontGlyphRanges { FontGlyphRanges::from_ptr(slice.as_ptr()) } @@ -121,6 +125,11 @@ impl FontGlyphRanges { /// Creates a glyph range from a pointer, without checking its validity or enforcing its /// lifetime. The memory the pointer points to must be valid for as long as the font is /// in use. + /// + /// # Safety + /// + /// It is up to the caller to guarantee the pointer is not null, remains valid forever, and + /// points to valid data. pub unsafe fn from_ptr(ptr: *const u16) -> FontGlyphRanges { FontGlyphRanges(FontGlyphRangeData::Custom(ptr)) } diff --git a/src/internal.rs b/src/internal.rs index 5c8bd29..af39bd5 100644 --- a/src/internal.rs +++ b/src/internal.rs @@ -11,8 +11,8 @@ pub struct ImVector { } impl ImVector { - pub unsafe fn as_slice(&self) -> &[T] { - slice::from_raw_parts(self.data, self.size as usize) + pub fn as_slice(&self) -> &[T] { + unsafe { slice::from_raw_parts(self.data, self.size as usize) } } } @@ -45,26 +45,52 @@ pub trait RawWrapper { /// Wrapped raw type type Raw; /// Returns an immutable reference to the wrapped raw value + /// + /// # Safety + /// + /// It is up to the caller to use the returned raw reference without causing undefined + /// behaviour or breaking safety rules. unsafe fn raw(&self) -> &Self::Raw; /// Returns a mutable reference to the wrapped raw value + /// + /// # Safety + /// + /// It is up to the caller to use the returned mutable raw reference without causing undefined + /// behaviour or breaking safety rules. unsafe fn raw_mut(&mut self) -> &mut Self::Raw; } /// Casting from/to a raw type that has the same layout and alignment as the target type pub unsafe trait RawCast: Sized { /// Casts an immutable reference from the raw type + /// + /// # Safety + /// + /// It is up to the caller to guarantee the cast is valid. unsafe fn from_raw(raw: &T) -> &Self { &*(raw as *const _ as *const Self) } /// Casts a mutable reference from the raw type + /// + /// # Safety + /// + /// It is up to the caller to guarantee the cast is valid. unsafe fn from_raw_mut(raw: &mut T) -> &mut Self { &mut *(raw as *mut _ as *mut Self) } /// Casts an immutable reference to the raw type + /// + /// # Safety + /// + /// It is up to the caller to guarantee the cast is valid. unsafe fn raw(&self) -> &T { &*(self as *const _ as *const T) } /// Casts a mutable reference to the raw type + /// + /// # Safety + /// + /// It is up to the caller to guarantee the cast is valid. unsafe fn raw_mut(&mut self) -> &mut T { &mut *(self as *mut _ as *mut T) } diff --git a/src/render/draw_data.rs b/src/render/draw_data.rs index 6a7f57e..c9bea4f 100644 --- a/src/render/draw_data.rs +++ b/src/render/draw_data.rs @@ -219,10 +219,12 @@ pub struct DrawVert { } #[cfg(feature = "glium")] -use glium::implement_vertex; -#[allow(clippy::unneeded_field_pattern)] -#[cfg(feature = "glium")] -implement_vertex!(DrawVert, pos, uv, col); +mod glium_support { + #![allow(clippy::unneeded_field_pattern)] + use super::DrawVert; + use glium::implement_vertex; + implement_vertex!(DrawVert, pos, uv, col); +} #[cfg(feature = "gfx")] mod gfx_support { diff --git a/src/string.rs b/src/string.rs index 7d44b34..6a3f58a 100644 --- a/src/string.rs +++ b/src/string.rs @@ -40,12 +40,20 @@ impl ImString { } /// Converts a vector of bytes to a `ImString` without checking that the string contains valid /// UTF-8 + /// + /// # Safety + /// + /// It is up to the caller to guarantee the vector contains valid UTF-8 and no null terminator. pub unsafe fn from_utf8_unchecked(mut v: Vec) -> ImString { v.push(b'\0'); ImString(v) } /// Converts a vector of bytes to a `ImString` without checking that the string contains valid /// UTF-8 + /// + /// # Safety + /// + /// It is up to the caller to guarantee the vector contains valid UTF-8 and a null terminator. pub unsafe fn from_utf8_with_nul_unchecked(v: Vec) -> ImString { ImString(v) } @@ -102,6 +110,11 @@ impl ImString { /// /// This function *must* be called if the underlying data is modified via a pointer /// obtained by `as_mut_ptr`. + /// + /// # Safety + /// + /// It is up to the caller to guarantee the this ImString contains valid UTF-8 and a null + /// terminator. pub unsafe fn refresh_len(&mut self) { let len = CStr::from_ptr(self.0.as_ptr() as *const c_char) .to_bytes_with_nul() @@ -234,15 +247,28 @@ impl fmt::Display for ImStr { impl ImStr { /// Wraps a raw UTF-8 encoded C string + /// + /// # Safety + /// + /// It is up to the caller to guarantee the pointer is not null and it points to a + /// null-terminated UTF-8 string valid for the duration of the arbitrary lifetime 'a. pub unsafe fn from_ptr_unchecked<'a>(ptr: *const c_char) -> &'a ImStr { ImStr::from_cstr_unchecked(CStr::from_ptr(ptr)) } /// Converts a slice of bytes to an imgui-rs string slice without checking for valid UTF-8 or /// null termination. + /// + /// # Safety + /// + /// It is up to the caller to guarantee the slice contains valid UTF-8 and a null terminator. pub unsafe fn from_utf8_with_nul_unchecked(bytes: &[u8]) -> &ImStr { &*(bytes as *const [u8] as *const ImStr) } /// Converts a CStr reference to an imgui-rs string slice without checking for valid UTF-8. + /// + /// # Safety + /// + /// It is up to the caller to guarantee the CStr reference contains valid UTF-8. pub unsafe fn from_cstr_unchecked(value: &CStr) -> &ImStr { &*(value as *const CStr as *const ImStr) }