[tor-commits] [tor/master] Remove new unsafe {} use.

nickm at torproject.org nickm at torproject.org
Thu Feb 8 22:36:17 UTC 2018


commit d8307cb0e99d28daa4011e4e9d94e3f8c56cba23
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Feb 8 17:26:26 2018 -0500

    Remove new unsafe {} use.
    
    Rationale: this helps for performance only, but we don't actually
    have any reason to think that the checks here are
    performance-critical.  Let's not normalize the use of unsafe {}.
---
 src/rust/protover/ffi.rs      | 12 ++++--------
 src/rust/protover/protover.rs |  9 +++++----
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs
index 5519b75ea..d724c102d 100644
--- a/src/rust/protover/ffi.rs
+++ b/src/rust/protover/ffi.rs
@@ -149,13 +149,11 @@ pub extern "C" fn protover_get_supported_protocols() -> *const c_char {
     // programming error.
     assert!(byte_slice_is_c_like(SUPPORTED_PROTOCOLS));
 
-    // It's okay to call the "unchecked" version of the function because
+    // It's okay to unwrap the result of this function because
     // we can see that the bytes we're passing into it 1) are valid UTF-8,
     // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
     // byte.
-    unsafe {
-        supported = CStr::from_bytes_with_nul_unchecked(SUPPORTED_PROTOCOLS);
-    }
+    supported = CStr::from_bytes_with_nul(SUPPORTED_PROTOCOLS).unwrap();
 
     supported.as_ptr()
 }
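Review bot: The bare `unwrap()` on the new line drops the invariant that the comment above it spells out; `expect` would carry that reasoning into the panic message, e.g. `supported = CStr::from_bytes_with_nul(SUPPORTED_PROTOCOLS).expect("SUPPORTED_PROTOCOLS must be NUL-terminated with no interior NUL");`. Note that `CStr::from_bytes_with_nul` only checks the NUL layout, not UTF-8 validity, so the `assert!(byte_slice_is_c_like(...))` that precedes it is presumably still doing work and the comment's "we can see that the bytes ... are valid UTF-8" should be understood as referring to that assert rather than to the conversion. The same applies to the identical change in the protover_compute_for_old_tor hunk. The enclosing functions, including the declaration of `supported`, begin outside both hunks.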
@@ -230,13 +228,11 @@ pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const
     // programming error.
     assert!(byte_slice_is_c_like(elder_protocols));
 
-    // It's okay to call the "unchecked" version of the function because
+    // It's okay to unwrap the result of this function because
     // we can see that the bytes we're passing into it 1) are valid UTF-8,
     // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
     // byte.
-    unsafe {
-        supported = CStr::from_bytes_with_nul_unchecked(elder_protocols);
-    }
+    supported = CStr::from_bytes_with_nul(elder_protocols).unwrap();
 
     supported.as_ptr()
 }
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index 1680d3394..f3a5ea23e 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -106,10 +106,11 @@ impl FromStr for Proto {
 /// "HSDir=1-1 LinkAuth=1"
 ///
 pub fn get_supported_protocols() -> &'static str {
-    unsafe {
-        // The `len() - 1` is to remove the NUL byte.
-        str::from_utf8_unchecked(&SUPPORTED_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1])
-    }
+    // The `len() - 1` is to remove the NUL byte.
+    // The `unwrap` is safe becauase we SUPPORTED_PROTOCOLS is under
+    // our control.
+    str::from_utf8(&SUPPORTED_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1])
+        .unwrap()
 }
 
 /// Translates a vector representation of a protocol list into a HashMap
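Review bot: The new comment has a typo and a dropped word ("safe becauase we SUPPORTED_PROTOCOLS is under our control"); it should read `// The unwrap is safe because SUPPORTED_PROTOCOLS is under our control.`. As in the ffi.rs hunks, `.expect("SUPPORTED_PROTOCOLS must be valid UTF-8")` would state that invariant at the panic site rather than only in a comment. The `len() - 1` slice would also panic on an empty constant, which is presumably impossible here, but the comment could say that the constant is assumed non-empty and NUL-terminated so the two assumptions sit together.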




