Mark write_to_spare_capacity_of_vec as unsafe

NobodyXu · web-flow · commit 6e44260e9536 · 2025-09-28T16:03:24.000+10:00
And add safety comment
diff --git a/src/mem.rs b/src/mem.rs
@@ -362,12 +362,15 @@ impl Compress {
         output: &mut Vec<u8>,
         flush: FlushCompress,
     ) -> Result<Status, CompressError> {
-        write_to_spare_capacity_of_vec(output, |out| {
-            let before = self.total_out();
-            let ret = self.compress_uninit(input, out, flush);
-            let bytes_written = self.total_out() - before;
-            (bytes_written as usize, ret)
-        })
+        // SAFETY: bytes_written is the number of bytes writte into `out`
+        unsafe {
+            write_to_spare_capacity_of_vec(output, |out| {
+                let before = self.total_out();
+                let ret = self.compress_uninit(input, out, flush);
+                let bytes_written = self.total_out() - before;
+                (bytes_written as usize, ret)
+            })
+        }
     }
 }
 
@@ -496,12 +499,15 @@ impl Decompress {
         output: &mut Vec<u8>,
         flush: FlushDecompress,
     ) -> Result<Status, DecompressError> {
-        write_to_spare_capacity_of_vec(output, |out| {
-            let before = self.total_out();
-            let ret = self.decompress_uninit(input, out, flush);
-            let bytes_written = self.total_out() - before;
-            (bytes_written as usize, ret)
-        })
+        // SAFETY: bytes_written is the number of bytes writte into `out`
+        unsafe {
+            write_to_spare_capacity_of_vec(output, |out| {
+                let before = self.total_out();
+                let ret = self.decompress_uninit(input, out, flush);
+                let bytes_written = self.total_out() - before;
+                (bytes_written as usize, ret)
+            })
+        }
     }
 
     /// Specifies the decompression dictionary to use.
@@ -601,19 +607,22 @@ impl fmt::Display for CompressError {
 ///
 /// `writer` needs to return the number of bytes written (and can also return
 /// another arbitrary return value).
-fn write_to_spare_capacity_of_vec<T>(
+///
+/// # Safety:
+///
+/// The length returned by the `writer` must be equal to actual number of bytes written
+/// to the uninitialized slice passed in and initialized.
+unsafe fn write_to_spare_capacity_of_vec<T>(
     output: &mut Vec<u8>,
     writer: impl FnOnce(&mut [MaybeUninit<u8>]) -> (usize, T),
 ) -> T {
     let cap = output.capacity();
     let len = output.len();
 
-    unsafe {
-        let (bytes_written, ret) = writer(output.spare_capacity_mut());
-        output.set_len(cap.min(len + bytes_written)); // Sanitizes `bytes_written`.
+    let (bytes_written, ret) = writer(output.spare_capacity_mut());
+    output.set_len(cap.min(len + bytes_written)); // Sanitizes `bytes_written`.
 
-        ret
-    }
+    ret
 }
 
 #[cfg(test)]
