Improve encapsulation of unsafe code #51
Conversation
Don't allow mixing alloc and free functions from different allocators to prevent UB.
…e possible This allows catching cases where the underflow happens anyway when debug assertions are enabled.
Codecov ReportAttention: Patch coverage is
|
| if let Some(next_byte) = strm.read_byte() { | ||
| $s.bsBuff = $s.bsBuff << 8 | next_byte as u32; | ||
| $s.bsLive += 8; |
There was a problem hiding this comment.
as a note, I suspect speedup when we make the bsBuff a u64 and/or try to perform wider reads here.
| if strm.avail_out == 0 { | ||
| if s.state_out_pos >= s.writer.num_z as i32 { | ||
| break; | ||
| } | ||
| if s.state_out_pos >= s.writer.num_z as i32 { | ||
| if !strm.write_byte(zbits[s.state_out_pos as usize]) { | ||
| break; |
There was a problem hiding this comment.
could this use if let Some(v) = zbits.get(s.state_out_pos)?
There was a problem hiding this comment.
num_z can be less than zbits.len(), but never bigger. As such I think we should keep panicking if zbits[s.state_out_pos] is out of bounds.
There was a problem hiding this comment.
huh? doesn't the top check verify that the index is in-range? In what case could this panic?
There was a problem hiding this comment.
It shouldn't. Hence why using zbits.get() instead of zbits[] is not necessary.
| return ReturnCode::BZ_DATA_ERROR; | ||
| } | ||
| return ReturnCode::BZ_STREAM_END; | ||
| _ => match decompress(strm, s, allocator.clone()) { |
There was a problem hiding this comment.
we could make decompress take the allocator by-reference? most other functions already do
No description provided.