Enable and fix undocumented_unsafe_blocks

Author: CraftSpider

Cargo.toml

@@ -66,6 +66,9 @@ members = [
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(has_error_description_deprecated)'] }
 missing_docs = "deny"
 
+[workspace.lints.clippy]
+undocumented_unsafe_blocks = "deny"
+
 [lib]
 name = "tectonic"
 crate-type = ["rlib"]

crates/bridge_core/src/lib.rs

@@ -221,9 +221,13 @@ impl EngineAbortedError {
         }
     }
 
-    unsafe fn new_with_details() -> Self {
-        let ptr = _ttbc_get_error_message();
-        let message = CStr::from_ptr(ptr).to_string_lossy().into_owned();
+    fn new_with_details() -> Self {
+        // SAFETY: This is always safe to call
+        let ptr = unsafe { _ttbc_get_error_message() };
+        // SAFETY: The pointer returned above will always have a null-terminated C-string in it
+        let message = unsafe { CStr::from_ptr(ptr) }
+            .to_string_lossy()
+            .into_owned();
         EngineAbortedError { message }
     }
 }
@@ -312,7 +316,7 @@ impl<'a> CoreBridgeLauncher<'a> {
 
         if let Err(ref e) = result {
             if e.downcast_ref::<EngineAbortedError>().is_some() {
-                return Err(unsafe { EngineAbortedError::new_with_details() }.into());
+                return Err(EngineAbortedError::new_with_details().into());
             }
         }
 

crates/bridge_flate/src/lib.rs

@@ -154,7 +154,7 @@ pub unsafe extern "C" fn tectonic_flate_new_decompressor(
         done: false,
     };
 
-    Box::leak(Box::new(dc)) as *mut Decompressor as *mut _
+    Box::into_raw(Box::new(dc)).cast::<libc::c_void>()
 }
 
 /// Decompress some DEFLATEd data.
@@ -175,7 +175,7 @@ pub unsafe extern "C" fn tectonic_flate_decompress_chunk(
     output_ptr: *mut u8,
     output_len: *mut u64,
 ) -> libc::c_int {
-    let mut dc = Box::from_raw(handle as *mut Decompressor);
+    let mut dc = Box::from_raw(handle.cast::<Decompressor>());
     let output = slice::from_raw_parts_mut(output_ptr, *output_len as usize);
 
     let (amount, flag) = match dc.decompress_chunk(output) {
@@ -195,6 +195,6 @@ pub unsafe extern "C" fn tectonic_flate_decompress_chunk(
 /// This is a C API function, so it is unsafe.
 #[no_mangle]
 pub unsafe extern "C" fn tectonic_flate_free_decompressor(handle: *mut libc::c_void) {
-    let _dc = Box::from_raw(handle as *mut Decompressor);
+    let _dc = Box::from_raw(handle.cast::<Decompressor>());
     // The box will be freed as we exit.
 }

crates/engine_xdvipdfmx/src/lib.rs

@@ -129,6 +129,8 @@ impl XdvipdfmxEngine {
         let cpdf = CString::new(pdf)?;
 
         launcher.with_global_lock(|state| {
+            // SAFETY: This is called while the global lock is held, and with valid C-strings for
+            //         dvi and pdf.
             let r = unsafe {
                 c_api::tt_engine_xdvipdfmx_main(state, &config, cdvi.as_ptr(), cpdf.as_ptr())
             };

crates/engine_xetex/src/lib.rs

@@ -189,6 +189,7 @@ impl TexEngine {
             // Note that we have to do all of this setup while holding the
             // lock, because we're modifying static state variables.
 
+            // SAFETY: All methods are called with valid C-strings and while the global lock is held.
             let r = unsafe {
                 use c_api::*;
                 tt_xetex_set_int_variable(

crates/xdv/src/lib.rs

@@ -400,11 +400,8 @@ impl<T: XdvEvents> XdvParser<T> {
                 // already-read bytes so that the parser gets a nice
                 // contiguous set of bytes to look at. The copy may involve
                 // overlapping memory regions (imagine we read 4096 bytes but
-                // only consume 1) so we have to get unsafe.
-                let ptr = buf.as_mut_ptr();
-                unsafe {
-                    std::ptr::copy(ptr.add(n_consumed), ptr, n_saved_bytes);
-                }
+                // only consume 1).
+                buf.copy_within(n_consumed..n_in_buffer, 0);
             }
 
             if n_in_buffer != 0 && n_consumed == 0 {