Ensure that all functions with safety requirements are marked unsafe.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Electric-Coin-Company · Nov 16, 2022 · 23bbbe1 · 23bbbe1
1 parent 6ada24f
commit 23bbbe1
Showing 1 changed file with 55 additions and 51 deletions.
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
@@ -161,7 +161,7 @@ pub extern "C" fn zcashlc_clear_last_error() {
 /// - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
 ///   of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_init_data_database(
+pub unsafe extern "C" fn zcashlc_init_data_database(
     db_data: *const u8,
     db_data_len: usize,
     seed: *const u8,
@@ -262,7 +262,7 @@ pub unsafe extern "C" fn zcashlc_free_binary_key(ptr: *mut FFIBinaryKey) {
 ///
 /// [ZIP 316]: https://zips.z.cash/zip-0316
 #[no_mangle]
-pub extern "C" fn zcashlc_create_account(
+pub unsafe extern "C" fn zcashlc_create_account(
     db_data: *const u8,
     db_data_len: usize,
     seed: *const u8,
@@ -371,7 +371,7 @@ pub unsafe extern "C" fn zcashlc_free_keys(ptr: *mut FFIEncodedKeys) {
 /// - The total size `ufvks_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_init_accounts_table_with_keys(
+pub unsafe extern "C" fn zcashlc_init_accounts_table_with_keys(
     db_data: *const u8,
     db_data_len: usize,
     ufvks_ptr: *mut FFIEncodedKey,
@@ -489,7 +489,7 @@ unsafe fn decode_usk(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when you are done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_spending_key_to_full_viewing_key(
+pub unsafe extern "C" fn zcashlc_spending_key_to_full_viewing_key(
     usk_ptr: *const u8,
     usk_len: usize,
     network_id: u32,
@@ -526,7 +526,7 @@ pub extern "C" fn zcashlc_spending_key_to_full_viewing_key(
 /// - The memory referenced by `sapling_tree_hex` must not be mutated for the duration of the
 ///   function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_init_blocks_table(
+pub unsafe extern "C" fn zcashlc_init_blocks_table(
     db_data: *const u8,
     db_data_len: usize,
     height: i32,
@@ -573,7 +573,7 @@ pub extern "C" fn zcashlc_init_blocks_table(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_current_address(
+pub unsafe extern "C" fn zcashlc_get_current_address(
     db_data: *const u8,
     db_data_len: usize,
     account: i32,
@@ -619,7 +619,7 @@ pub extern "C" fn zcashlc_get_current_address(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_next_available_address(
+pub unsafe extern "C" fn zcashlc_get_next_available_address(
     db_data: *const u8,
     db_data_len: usize,
     account: i32,
@@ -666,7 +666,7 @@ pub extern "C" fn zcashlc_get_next_available_address(
 /// - Call [`zcashlc_free_keys`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_list_transparent_receivers(
+pub unsafe extern "C" fn zcashlc_list_transparent_receivers(
     db_data: *const u8,
     db_data_len: usize,
     account_id: i32,
@@ -720,7 +720,7 @@ pub extern "C" fn zcashlc_list_transparent_receivers(
 /// - Call [`zcashlc_free_typecodes`] to free the memory associated with the returned
 ///   pointer when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_typecodes_for_unified_address_receivers(
+pub unsafe extern "C" fn zcashlc_get_typecodes_for_unified_address_receivers(
     ua: *const c_char,
     len_ret: *mut usize,
 ) -> *mut u32 {
@@ -788,7 +788,7 @@ impl zcash_address::TryFromRawAddress for UnifiedAddressParser {
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_transparent_receiver_for_unified_address(
+pub unsafe extern "C" fn zcashlc_get_transparent_receiver_for_unified_address(
     ua: *const c_char,
 ) -> *mut c_char {
     let res = catch_panic(|| {
@@ -829,7 +829,7 @@ pub extern "C" fn zcashlc_get_transparent_receiver_for_unified_address(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_sapling_receiver_for_unified_address(
+pub unsafe extern "C" fn zcashlc_get_sapling_receiver_for_unified_address(
     ua: *const c_char,
 ) -> *mut c_char {
     let res = catch_panic(|| {
@@ -864,7 +864,7 @@ pub extern "C" fn zcashlc_get_sapling_receiver_for_unified_address(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_shielded_address(
+pub unsafe extern "C" fn zcashlc_is_valid_shielded_address(
     address: *const c_char,
     network_id: u32,
 ) -> bool {
@@ -971,7 +971,7 @@ impl TryFromAddress for AddressMetadata {
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_address_metadata(
+pub unsafe extern "C" fn zcashlc_get_address_metadata(
     address: *const c_char,
     network_id_ret: *mut u32,
     addr_kind_ret: *mut u32,
@@ -1016,7 +1016,7 @@ pub extern "C" fn zcashlc_get_address_metadata(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_transparent_address(
+pub unsafe extern "C" fn zcashlc_is_valid_transparent_address(
     address: *const c_char,
     network_id: u32,
 ) -> bool {
@@ -1046,7 +1046,7 @@ fn is_valid_transparent_address(address: &str, network: &Network) -> bool {
 /// - `extsk` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `extsk` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_sapling_extended_spending_key(
+pub unsafe extern "C" fn zcashlc_is_valid_sapling_extended_spending_key(
     extsk: *const c_char,
     network_id: u32,
 ) -> bool {
@@ -1070,7 +1070,7 @@ pub extern "C" fn zcashlc_is_valid_sapling_extended_spending_key(
 /// - `key` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `key` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_viewing_key(key: *const c_char, network_id: u32) -> bool {
+pub unsafe extern "C" fn zcashlc_is_valid_viewing_key(key: *const c_char, network_id: u32) -> bool {
     let res =
         catch_panic(|| {
             let network = parse_network(network_id)?;
@@ -1094,7 +1094,7 @@ pub extern "C" fn zcashlc_is_valid_viewing_key(key: *const c_char, network_id: u
 /// - The memory referenced by `ufvk` must not be mutated for the duration of the
 ///   function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_unified_full_viewing_key(
+pub unsafe extern "C" fn zcashlc_is_valid_unified_full_viewing_key(
     ufvk: *const c_char,
     network_id: u32,
 ) -> bool {
@@ -1116,7 +1116,7 @@ pub extern "C" fn zcashlc_is_valid_unified_full_viewing_key(
 /// - The memory referenced by `address` must not be mutated for the duration of the
 ///   function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_is_valid_unified_address(
+pub unsafe extern "C" fn zcashlc_is_valid_unified_address(
     address: *const c_char,
     network_id: u32,
 ) -> bool {
@@ -1149,7 +1149,7 @@ fn is_valid_unified_address(address: &str, network: &Network) -> bool {
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_balance(
+pub unsafe extern "C" fn zcashlc_get_balance(
     db_data: *const u8,
     db_data_len: usize,
     account: i32,
@@ -1192,7 +1192,7 @@ pub extern "C" fn zcashlc_get_balance(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_verified_balance(
+pub unsafe extern "C" fn zcashlc_get_verified_balance(
     db_data: *const u8,
     db_data_len: usize,
     account: i32,
@@ -1238,7 +1238,7 @@ pub extern "C" fn zcashlc_get_verified_balance(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_verified_transparent_balance(
+pub unsafe extern "C" fn zcashlc_get_verified_transparent_balance(
     db_data: *const u8,
     db_data_len: usize,
     address: *const c_char,
@@ -1289,7 +1289,7 @@ pub extern "C" fn zcashlc_get_verified_transparent_balance(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_verified_transparent_balance_for_account(
+pub unsafe extern "C" fn zcashlc_get_verified_transparent_balance_for_account(
     db_data: *const u8,
     db_data_len: usize,
     network_id: u32,
@@ -1362,7 +1362,7 @@ pub extern "C" fn zcashlc_get_verified_transparent_balance_for_account(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_total_transparent_balance(
+pub unsafe extern "C" fn zcashlc_get_total_transparent_balance(
     db_data: *const u8,
     db_data_len: usize,
     address: *const c_char,
@@ -1411,7 +1411,7 @@ pub extern "C" fn zcashlc_get_total_transparent_balance(
 /// - `address` must be non-null and must point to a null-terminated UTF-8 string.
 /// - The memory referenced by `address` must not be mutated for the duration of the function call.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_total_transparent_balance_for_account(
+pub unsafe extern "C" fn zcashlc_get_total_transparent_balance_for_account(
     db_data: *const u8,
     db_data_len: usize,
     network_id: u32,
@@ -1470,7 +1470,7 @@ pub extern "C" fn zcashlc_get_total_transparent_balance_for_account(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_received_memo_as_utf8(
+pub unsafe extern "C" fn zcashlc_get_received_memo_as_utf8(
     db_data: *const u8,
     db_data_len: usize,
     id_note: i64,
@@ -1510,20 +1510,22 @@ pub extern "C" fn zcashlc_get_received_memo_as_utf8(
 ///   documentation of pointer::offset.
 /// - `memo_bytes_ret` must be non-null and must point to an allocated 512-byte region of memory.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_received_memo(
+pub unsafe extern "C" fn zcashlc_get_received_memo(
     db_data: *const u8,
     db_data_len: usize,
     id_note: i64,
     memo_bytes_ret: *mut u8,
     network_id: u32,
 ) -> bool {
-    zcashlc_get_memo(
-        db_data,
-        db_data_len,
-        NoteId::ReceivedNoteId(id_note),
-        memo_bytes_ret,
-        network_id,
-    )
+    unsafe {
+        zcashlc_get_memo(
+            db_data,
+            db_data_len,
+            NoteId::ReceivedNoteId(id_note),
+            memo_bytes_ret,
+            network_id,
+        )
+    }
 }
 
 /// Returns the memo for a note by copying the corresponding bytes to the received
@@ -1538,7 +1540,7 @@ pub extern "C" fn zcashlc_get_received_memo(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 /// - `memo_bytes_ret` must be non-null and must point to an allocated 512-byte region of memory.
-fn zcashlc_get_memo(
+unsafe fn zcashlc_get_memo(
     db_data: *const u8,
     db_data_len: usize,
     note_id: NoteId,
@@ -1576,7 +1578,7 @@ fn zcashlc_get_memo(
 /// - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
 ///   when done using it.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_sent_memo_as_utf8(
+pub unsafe extern "C" fn zcashlc_get_sent_memo_as_utf8(
     db_data: *const u8,
     db_data_len: usize,
     id_note: i64,
@@ -1616,20 +1618,22 @@ pub extern "C" fn zcashlc_get_sent_memo_as_utf8(
 ///   documentation of pointer::offset.
 /// - `memo_bytes_ret` must be non-null and must point to an allocated 512-byte region of memory.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_sent_memo(
+pub unsafe extern "C" fn zcashlc_get_sent_memo(
     db_data: *const u8,
     db_data_len: usize,
     id_note: i64,
     memo_bytes_ret: *mut u8,
     network_id: u32,
 ) -> bool {
-    zcashlc_get_memo(
-        db_data,
-        db_data_len,
-        NoteId::SentNoteId(id_note),
-        memo_bytes_ret,
-        network_id,
-    )
+    unsafe {
+        zcashlc_get_memo(
+            db_data,
+            db_data_len,
+            NoteId::SentNoteId(id_note),
+            memo_bytes_ret,
+            network_id,
+        )
+    }
 }
 
 /// Checks that the scanned blocks in the data database, when combined with the recent
@@ -1664,7 +1668,7 @@ pub extern "C" fn zcashlc_get_sent_memo(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_validate_combined_chain(
+pub unsafe extern "C" fn zcashlc_validate_combined_chain(
     db_cache: *const u8,
     db_cache_len: usize,
     db_data: *const u8,
@@ -1710,7 +1714,7 @@ pub extern "C" fn zcashlc_validate_combined_chain(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_get_nearest_rewind_height(
+pub unsafe extern "C" fn zcashlc_get_nearest_rewind_height(
     db_data: *const u8,
     db_data_len: usize,
     height: i32,
@@ -1762,7 +1766,7 @@ pub extern "C" fn zcashlc_get_nearest_rewind_height(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_rewind_to_height(
+pub unsafe extern "C" fn zcashlc_rewind_to_height(
     db_data: *const u8,
     db_data_len: usize,
     height: i32,
@@ -1812,7 +1816,7 @@ pub extern "C" fn zcashlc_rewind_to_height(
 /// - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_scan_blocks(
+pub unsafe extern "C" fn zcashlc_scan_blocks(
     db_cache: *const u8,
     db_cache_len: usize,
     db_data: *const u8,
@@ -1859,7 +1863,7 @@ pub extern "C" fn zcashlc_scan_blocks(
 /// - The total size `script_bytes_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_put_utxo(
+pub unsafe extern "C" fn zcashlc_put_utxo(
     db_data: *const u8,
     db_data_len: usize,
     txid_bytes: *const u8,
@@ -1921,7 +1925,7 @@ pub extern "C" fn zcashlc_put_utxo(
 /// - The total size `tx_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_decrypt_and_store_transaction(
+pub unsafe extern "C" fn zcashlc_decrypt_and_store_transaction(
     db_data: *const u8,
     db_data_len: usize,
     tx: *const u8,
@@ -1988,7 +1992,7 @@ pub extern "C" fn zcashlc_decrypt_and_store_transaction(
 /// - The total size `output_params_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_create_to_address(
+pub unsafe extern "C" fn zcashlc_create_to_address(
     db_data: *const u8,
     db_data_len: usize,
     usk_ptr: *const u8,
@@ -2151,7 +2155,7 @@ pub unsafe extern "C" fn zcashlc_string_free(s: *mut c_char) {
 /// - The total size `output_params_len` must be no larger than `isize::MAX`. See the safety
 ///   documentation of pointer::offset.
 #[no_mangle]
-pub extern "C" fn zcashlc_shield_funds(
+pub unsafe extern "C" fn zcashlc_shield_funds(
     db_data: *const u8,
     db_data_len: usize,
     usk_ptr: *const u8,