script: Wrap unsafe code in components/script/bindings in unsafe {} (#38544)

Clippy now checks to see if unsafe code is wrapped in unsafe blocks. We have this lint disabled for `script` and `script_bindings` because of a lot of legacy code that doesn't do this. The lint is useful though as it makes it more obvious what code is unsafe. This is an incremental step toward being able to turn this lint on for `script`. This has the benefit of silencing warnings that show up in some IDEs that use rust-analyzer. Testing: This should not change behavior at all and is thus covered by existing tests. Signed-off-by: Martin Robinson <mrobinson@igalia.com>
2025-09-30 08:39:16 +01:00 · 2025-08-08 19:18:30 +02:00 · 2025-08-08 19:18:30 +02:00 · 931025c16e
commit 931025c16e
parent fef104cff7
13 changed files with 147 additions and 114 deletions
--- a/components/script/dom/bindings/principals.rs
+++ b/components/script/dom/bindings/principals.rs
@ -16,8 +16,10 @@ use crate::DomTypeHolder;

 #[allow(unused)]
 pub(crate) unsafe extern "C" fn destroy_servo_jsprincipal(principals: *mut JSPrincipals) {
-    Box::from_raw(GetRustJSPrincipalsPrivate(principals) as *mut MutableOrigin);
-    DestroyRustJSPrincipals(principals);
+    unsafe {
+        Box::from_raw(GetRustJSPrincipalsPrivate(principals) as *mut MutableOrigin);
+        DestroyRustJSPrincipals(principals);
+    }
 }

 pub(crate) unsafe extern "C" fn write_jsprincipal(
@ -28,7 +30,7 @@ pub(crate) unsafe extern "C" fn write_jsprincipal(
    let Some(principal) = NonNull::new(principal) else {
        return false;
    };
-    let obj = ServoJSPrincipalsRef::from_raw_nonnull(principal);
+    let obj = unsafe { ServoJSPrincipalsRef::from_raw_nonnull(principal) };
    let origin = obj.origin();
    let Ok(bytes_of_origin) = bincode::serialize(&origin) else {
        return false;
@ -36,12 +38,16 @@ pub(crate) unsafe extern "C" fn write_jsprincipal(
    let Ok(len) = bytes_of_origin.len().try_into() else {
        return false;
    };
-    if !js::jsapi::JS_WriteUint32Pair(writer, StructuredCloneTags::Principals as u32, len) {
-        return false;
-    }
-    if !js::jsapi::JS_WriteBytes(writer, bytes_of_origin.as_ptr() as _, len as usize) {
-        return false;
+
+    unsafe {
+        if !js::jsapi::JS_WriteUint32Pair(writer, StructuredCloneTags::Principals as u32, len) {
+            return false;
+        }
+        if !js::jsapi::JS_WriteBytes(writer, bytes_of_origin.as_ptr() as _, len as usize) {
+            return false;
+        }
    }
+
    true
 }

@ -52,21 +58,29 @@ pub(crate) unsafe extern "C" fn read_jsprincipal(
 ) -> bool {
    let mut tag: u32 = 0;
    let mut len: u32 = 0;
-    if !JS_ReadUint32Pair(reader, &mut tag as *mut u32, &mut len as *mut u32) {
-        return false;
+
+    unsafe {
+        if !JS_ReadUint32Pair(reader, &mut tag as *mut u32, &mut len as *mut u32) {
+            return false;
+        }
    }
+
    if tag != StructuredCloneTags::Principals as u32 {
        return false;
    }
    let mut bytes = vec![0u8; len as usize];
-    if !js::jsapi::JS_ReadBytes(reader, bytes.as_mut_ptr() as _, len as usize) {
-        return false;
+
+    unsafe {
+        if !js::jsapi::JS_ReadBytes(reader, bytes.as_mut_ptr() as _, len as usize) {
+            return false;
+        }
    }
+
    let Ok(origin) = bincode::deserialize(&bytes[..]) else {
        return false;
    };
    let principal = ServoJSPrincipals::new::<DomTypeHolder>(&origin);
-    *principals = principal.as_raw();
+    unsafe { *principals = principal.as_raw() };
    // we transferred ownership of principal to the caller
    std::mem::forget(principal);
    true
@ -85,8 +99,8 @@ unsafe extern "C" fn principals_is_system_or_addon_principal(_: *mut JSPrincipal
 pub(crate) unsafe extern "C" fn subsumes(obj: *mut JSPrincipals, other: *mut JSPrincipals) -> bool {
    match (NonNull::new(obj), NonNull::new(other)) {
        (Some(obj), Some(other)) => {
-            let obj = ServoJSPrincipalsRef::from_raw_nonnull(obj);
-            let other = ServoJSPrincipalsRef::from_raw_nonnull(other);
+            let obj = unsafe { ServoJSPrincipalsRef::from_raw_nonnull(obj) };
+            let other = unsafe { ServoJSPrincipalsRef::from_raw_nonnull(other) };
            let obj_origin = obj.origin();
            let other_origin = other.origin();
            obj_origin.same_origin_domain(&other_origin)