dailz/wl-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(unsafe): add SAFETY comment and runtime guards for from_raw_parts in drain_encoder

Browse Source 
Issue: #5

- Read AVPacket fields into local variable to avoid repeated pointer deref
- Guard against size <= 0 (prevents c_int negative wrap to huge usize)
- Guard against null data pointer (from_raw_parts(null, 0) is UB in Rust)
- Add SAFETY comment matching existing codebase convention (30+ instances)
This commit is contained in:
dailz
2026-06-06 11:56:47 +08:00
parent 9a5b09cd7f
commit fd170b66d9
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/avhw.rs
View File

@@ -866,14 +866,19 @@ impl SwEncState {
self.frames_written = true; self.frames_written = true;
} }
Some(FrameOutput::Channel(ref tx)) => { Some(FrameOutput::Channel(ref tx)) => {
let raw = unsafe { *pkt.as_mut_ptr() };
if raw.size > 0 && !raw.data.is_null() {
// SAFETY: `pkt` is a valid AVPacket just filled by a successful
// `avcodec_receive_packet` call. We checked `size > 0` and
// `data` is non-null, so `data` points to `size` initialized
// bytes owned by the packet. `u8` has alignment 1, and the
// slice is copied into a Vec before the packet is unreffed.
let data: &[u8] = unsafe { let data: &[u8] = unsafe {
std::slice::from_raw_parts( std::slice::from_raw_parts(raw.data, raw.size as usize)
(*pkt.as_mut_ptr()).data,
(*pkt.as_mut_ptr()).size as usize,
)
}; };
let _ = tx.send(data.to_vec()); let _ = tx.send(data.to_vec());
} }
}
None => {} None => {}
} }
} }