summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Andrew Walbran <qwandor@google.com> 2023-10-10 23:30:02 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-10-10 23:30:02 +0000
commitd8a503bafa3fad709c49b5fa738cdd8dcf10e19c (patch)
tree35278b84756a5e03c465ab113c746a9361dff032
parent20c5a86de007ff2ade47d6ef34485d2226332e9b (diff)
parentb6f2ded45d0f284883cba025d3a92c31c57fec61 (diff)
Add missing safety comments. am: 03350bc91d am: b3327511a3 am: 1ef3979c30 am: b6f2ded45d
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2776851 Change-Id: Ibf4cf45aafd282cf353b0c8970850fc496a4d452 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--libs/nativewindow/rust/src/lib.rs5
1 files changed, 5 insertions, 0 deletions
diff --git a/libs/nativewindow/rust/src/lib.rs b/libs/nativewindow/rust/src/lib.rs
index a5bcc6293a..0ed381eac5 100644
--- a/libs/nativewindow/rust/src/lib.rs
+++ b/libs/nativewindow/rust/src/lib.rs
@@ -199,6 +199,7 @@ mod ahardwarebuffer_tests {
#[test]
#[should_panic]
fn take_from_raw_panics_on_null() {
+ // SAFETY: Passing a null pointer is safe, it should just panic.
unsafe { AHardwareBuffer::take_from_raw(ptr::null_mut()) };
}
@@ -216,9 +217,13 @@ mod ahardwarebuffer_tests {
};
let mut raw_buffer_ptr = ptr::null_mut();
+ // SAFETY: The pointers are valid because they come from references, and
+ // `AHardwareBuffer_allocate` doesn't retain them after it returns.
let status = unsafe { ffi::AHardwareBuffer_allocate(&buffer_desc, &mut raw_buffer_ptr) };
assert_eq!(status, 0);
+ // SAFETY: The pointer must be valid because it was just allocated successfully, and we
+ // don't use it after calling this.
let buffer = unsafe { AHardwareBuffer::take_from_raw(raw_buffer_ptr as *mut c_void) };
assert_eq!(buffer.width(), 1024);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-01 21:27:27 +0000