Add missing safety comments.
These will soon be required by a lint.
Bug: 290018030
Test: m rust
Merged-In: Iaa33bab93c458d963d45ec68daf243057b9f1c15
Change-Id: Ia822853e44cc74d0c27622c8d30ca7c404058663
diff --git a/libs/nativewindow/rust/src/lib.rs b/libs/nativewindow/rust/src/lib.rs
index a5bcc62..0ed381e 100644
--- a/libs/nativewindow/rust/src/lib.rs
+++ b/libs/nativewindow/rust/src/lib.rs
@@ -199,6 +199,7 @@
#[test]
#[should_panic]
fn take_from_raw_panics_on_null() {
+ // SAFETY: Passing a null pointer is safe, it should just panic.
unsafe { AHardwareBuffer::take_from_raw(ptr::null_mut()) };
}
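Review bot: The new SAFETY comment in `take_from_raw_panics_on_null` says a null pointer is safe but does not name the invariant that makes it so. Soundness here depends on `take_from_raw` rejecting null before it dereferences or stores the pointer; that body is not visible in this hunk, so confirm it against the function's documented contract. If it holds, state it directly, for example `// SAFETY: take_from_raw checks for null and panics before the pointer is used.`. Worded that way, the comment would have to be revisited if the null check ever moved or was removed.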
@@ -216,9 +217,13 @@
};
let mut raw_buffer_ptr = ptr::null_mut();
+ // SAFETY: The pointers are valid because they come from references, and
+ // `AHardwareBuffer_allocate` doesn't retain them after it returns.
let status = unsafe { ffi::AHardwareBuffer_allocate(&buffer_desc, &mut raw_buffer_ptr) };
assert_eq!(status, 0);
+ // SAFETY: The pointer must be valid because it was just allocated successfully, and we
+ // don't use it after calling this.
let buffer = unsafe { AHardwareBuffer::take_from_raw(raw_buffer_ptr as *mut c_void) };
assert_eq!(buffer.width(), 1024);
}
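Review bot: The second SAFETY comment, above the `take_from_raw(raw_buffer_ptr as *mut c_void)` call, justifies validity with "just allocated successfully" but leaves out the ownership transfer that rules out a double release. Judging by the name, `take_from_raw` takes over the reference returned by `AHardwareBuffer_allocate`; its definition is outside this hunk, so that should be confirmed. If so, the comment could read `// SAFETY: Allocation returned status 0 (asserted above), so the pointer is valid; ownership passes to buffer and the raw pointer is neither used nor released again.`. It would also help to tie "successfully" to the `assert_eq!(status, 0)` line explicitly, so the dependency on that assert's position is clear. The enclosing test function starts above the hunk.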