Make Uid::from_raw a safe function. (#1294)

sunfishcode · web-flow · commit 721bedc771f0 · 2025-01-31T05:45:59.000-08:00
And same for `Gid::from_raw`.

These types don't lead anything to invoke undefined behavior, so their
constructors don't need to be unsafe.
diff --git a/src/pid.rs b/src/pid.rs
@@ -36,11 +36,9 @@ impl Pid {
     /// [pidfd]: https://man7.org/linux/man-pages/man2/pidfd_open.2.html
     #[inline]
     pub const fn from_raw(raw: RawPid) -> Option<Self> {
-        if raw > 0 {
-            // SAFETY: We just checked that `raw > 0`.
-            unsafe { Some(Self::from_raw_unchecked(raw)) }
-        } else {
-            None
+        match NonZeroI32::new(raw) {
+            Some(non_zero) => Some(Self(non_zero)),
+            None => None,
         }
     }
 
diff --git a/src/ugid.rs b/src/ugid.rs
@@ -1,15 +1,11 @@
 //! User and Group ID types.
 
-#![allow(unsafe_code)]
-
 use crate::backend::c;
 use crate::ffi;
 
 /// A group identifier as a raw integer.
-#[cfg(not(target_os = "wasi"))]
 pub type RawGid = ffi::c_uint;
 /// A user identifier as a raw integer.
-#[cfg(not(target_os = "wasi"))]
 pub type RawUid = ffi::c_uint;
 
 /// `uid_t`—A Unix user ID.
@@ -28,11 +24,18 @@ impl Uid {
 
     /// Converts a `RawUid` into a `Uid`.
     ///
-    /// # Safety
+    /// `raw` must be the value of a valid Unix user ID, and not `-1`.
+    #[inline]
+    pub fn from_raw(raw: RawUid) -> Self {
+        debug_assert_ne!(raw, -1 as _);
+        Self(raw)
+    }
+
+    /// Converts a `RawUid` into a `Uid`.
     ///
-    /// `raw` must be the value of a valid Unix user ID.
+    /// `raw` must be the value of a valid Unix user ID, and not `-1`.
     #[inline]
-    pub const unsafe fn from_raw(raw: RawUid) -> Self {
+    pub const fn from_raw_unchecked(raw: RawUid) -> Self {
         Self(raw)
     }
 
@@ -55,11 +58,18 @@ impl Gid {
 
     /// Converts a `RawGid` into a `Gid`.
     ///
-    /// # Safety
+    /// `raw` must be the value of a valid Unix group ID, and not `-1`.
+    #[inline]
+    pub fn from_raw(raw: RawGid) -> Self {
+        debug_assert_ne!(raw, -1 as _);
+        Self(raw)
+    }
+
+    /// Converts a `RawGid` into a `Gid`.
     ///
-    /// `raw` must be the value of a valid Unix group ID.
+    /// `raw` must be the value of a valid Unix group ID, and not `-1`.
     #[inline]
-    pub const unsafe fn from_raw(raw: RawGid) -> Self {
+    pub const fn from_raw_unchecked(raw: RawGid) -> Self {
         Self(raw)
     }
 

Original file line number	Diff line number	Diff line change
`@@ -36,11 +36,9 @@ impl Pid {`
`36`	`36`	`/// [pidfd]: https://man7.org/linux/man-pages/man2/pidfd_open.2.html`
`37`	`37`	`#[inline]`
`38`	`38`	`pub const fn from_raw(raw: RawPid) -> Option<Self> {`
`39`		`- if raw > 0 {`
`40`		- // SAFETY: We just checked that `raw > 0`.
`41`		`- unsafe { Some(Self::from_raw_unchecked(raw)) }`
`42`		`- } else {`
`43`		`- None`
	`39`	`+ match NonZeroI32::new(raw) {`
	`40`	`+ Some(non_zero) => Some(Self(non_zero)),`
	`41`	`+ None => None,`
`44`	`42`	`}`
`45`	`43`	`}`
`46`	`44`