From 97ea4173f61769ef804e9b309f1bd8646dcfd778 Mon Sep 17 00:00:00 2001
From: Jean-Pierre De Jesus DIAZ
Date: Mon, 13 May 2024 14:07:59 +0200
Subject: [PATCH] SFT-3616: Fix Rust warnings.

The Passport firmware code runs on a "single thread" so the warnings don't apply here.

* extmod/foundation-rust/src/secp256k1.rs: Replace `&mut ...' with `&mut *addr_of_mut!(...)'.
* extmod/foundation-rust/src/ur/decoder.rs: Ditto.
* extmod/foundation-rust/src/ur/encoder.rs: Ditto.
* extmod/foundation-rust/src/ur/mod.rs: Ditto.
---
 extmod/foundation-rust/src/secp256k1.rs | 9 ++++++++-
 extmod/foundation-rust/src/ur/decoder.rs | 5 +++--
 extmod/foundation-rust/src/ur/encoder.rs | 6 +++---
 extmod/foundation-rust/src/ur/mod.rs | 4 ++--
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/extmod/foundation-rust/src/secp256k1.rs b/extmod/foundation-rust/src/secp256k1.rs
index d77f14bd9..69ed4dd4a 100644
--- a/extmod/foundation-rust/src/secp256k1.rs
+++ b/extmod/foundation-rust/src/secp256k1.rs
@@ -1,6 +1,7 @@
 // SPDX-FileCopyrightText: © 2023 Foundation Devices, Inc.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
+use core::ptr;
 use once_cell::sync::Lazy;
 use secp256k1::{
     ffi::types::AlignedType, AllPreallocated, KeyPair, Message, Secp256k1,
@@ -12,7 +13,13 @@ static mut PRE_ALLOCATED_CTX_BUF: [AlignedType; 20] = [AlignedType::ZERO; 20];
 
 /// cbindgen:ignore
 static PRE_ALLOCATED_CTX: Lazy>> = Lazy::new(|| {
-    let buf = unsafe { &mut PRE_ALLOCATED_CTX_BUF };
+    // SAFETY:
+    //
+    // This pre-allocated buffer safety depends on trusting libsecp256k1
+    // that it writes the context buffer only once for initialization and
+    // then only performs reads to it.
+    let buf = unsafe { &mut *ptr::addr_of_mut!(PRE_ALLOCATED_CTX_BUF) };
+
     Secp256k1::preallocated_new(buf)
         .expect("the pre-allocated context buf should have enough space")
 });
diff --git a/extmod/foundation-rust/src/ur/decoder.rs b/extmod/foundation-rust/src/ur/decoder.rs
index 8b81dc608..17e22fb99 100644
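Review bot: The new SAFETY comment above the `let buf` line in the `@@ -12,7 +13,13 @@` hunk documents a property of libsecp256k1 rather than the invariant that makes the `&mut` itself sound: what the Rust side has to guarantee is that this is the only reference to `PRE_ALLOCATED_CTX_BUF` ever created, because `preallocated_new` presumably keeps the borrow for as long as the context lives and the context is `'static` inside `Lazy`. `Lazy` running its closure at most once gives that as long as nothing else in the crate names the static, and the single-thread assumption stated in the commit message belongs next to it. Consider rewording to `// SAFETY: Lazy runs this closure at most once and nothing else references PRE_ALLOCATED_CTX_BUF, so this is the only &mut ever taken; the context holds it for 'static and the firmware is single-threaded.` The `@@ -1,6 +1,7 @@` import hunk needs nothing.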
--- a/extmod/foundation-rust/src/ur/decoder.rs
+++ b/extmod/foundation-rust/src/ur/decoder.rs
@@ -3,7 +3,7 @@
 
 //! Decoder.
 
-use core::{fmt, slice, str};
+use core::{fmt, ptr, slice, str};
 use foundation_ur::{
     bytewords, bytewords::Style, decoder::Error, max_fragment_len,
@@ -246,7 +246,8 @@ pub unsafe extern "C" fn ur_decode_single_part(
         }
     };
 
-    let message = unsafe { &mut UR_DECODER_SINGLE_PART_MESSAGE };
+    let message =
+        unsafe { &mut *ptr::addr_of_mut!(UR_DECODER_SINGLE_PART_MESSAGE) };
     message.clear();
     message
         .resize(UR_DECODER_MAX_SINGLE_PART_MESSAGE_LEN, 0)
diff --git a/extmod/foundation-rust/src/ur/encoder.rs b/extmod/foundation-rust/src/ur/encoder.rs
index 881e42421..e1974627f 100644
--- a/extmod/foundation-rust/src/ur/encoder.rs
+++ b/extmod/foundation-rust/src/ur/encoder.rs
@@ -3,7 +3,7 @@
 
 //! Encoder.
 
-use core::{ffi::c_char, fmt::Write};
+use core::{ffi::c_char, fmt::Write, ptr};
 use foundation_ur::{max_fragment_len, HeaplessEncoder};
 use minicbor::{Encode, Encoder};
@@ -106,7 +106,7 @@ pub unsafe extern "C" fn ur_encoder_start(
     let value = unsafe { value.to_value() };
 
     // SAFETY: This code assumes that runs on a single thread.
-    let message = unsafe { &mut UR_ENCODER_MESSAGE };
+    let message = unsafe { &mut *ptr::addr_of_mut!(UR_ENCODER_MESSAGE) };
     message.clear();
 
     let mut e = Encoder::new(Writer(message));
@@ -142,7 +142,7 @@ pub unsafe extern "C" fn ur_encoder_next_part(
 ) {
     let part = encoder.inner.next_part();
 
-    let buf = unsafe { &mut UR_ENCODER_STRING };
+    let buf = unsafe { &mut *ptr::addr_of_mut!(UR_ENCODER_STRING) };
     buf.clear();
     write!(buf, "{part}").unwrap();
     buf.push(b'\0').unwrap();
diff --git a/extmod/foundation-rust/src/ur/mod.rs b/extmod/foundation-rust/src/ur/mod.rs
index d65ffdeb5..90566d344 100644
--- a/extmod/foundation-rust/src/ur/mod.rs
+++ b/extmod/foundation-rust/src/ur/mod.rs
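Review bot: The rewritten `let message = unsafe { &mut *ptr::addr_of_mut!(UR_DECODER_SINGLE_PART_MESSAGE) };` in the `@@ -246,7 +246,8 @@` hunk of decoder.rs silences the static-mut-reference warning but carries no `// SAFETY:` comment, unlike the matching line in `ur_encoder_start` (encoder.rs `@@ -106,7 +106,7 @@`); `addr_of_mut!` only makes the raw-pointer step explicit, the requirement that no other reference to the static is live at the same time is unchanged. The same gap exists at the `let buf` line in `ur_encoder_next_part` (encoder.rs `@@ -142,7 +142,7 @@`) and the `let error` line in `UR_Error::new` (mod.rs `@@ -43,7 +43,7 @@`). Suggested wording for this site: `// SAFETY: the firmware runs on a single thread and no other reference to UR_DECODER_SINGLE_PART_MESSAGE is live while \`message\` is in use.` If the decoded bytes are ever handed back to C callers by pointer, a re-entrant call before the caller is done would break that invariant and should be named in the same comment; `ur_decode_single_part` starts before and ends after this hunk.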
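Review bot: In the `@@ -142,7 +142,7 @@` hunk of encoder.rs the `write!(buf, "{part}").unwrap();` and `buf.push(b'\0').unwrap();` lines directly after the changed `let buf` line turn an oversized part into a panic, which on firmware means a reset rather than a handled error, and the commit leaves them as they were. If `UR_ENCODER_STRING` is a fixed-capacity buffer, as the fallible `push` suggests, the invariant that keeps the unwraps from firing is its capacity relative to `max_fragment_len` plus the terminator, and that should be stated at the call site, e.g. `.expect("UR_ENCODER_STRING is sized for max_fragment_len plus the NUL terminator")`, or the error reported to the caller instead. `ur_encoder_next_part` continues outside the hunk.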
@@ -3,7 +3,7 @@
 
 //! Uniform Resources.
 
-use core::{ffi::c_char, fmt, fmt::Write};
+use core::{ffi::c_char, fmt, fmt::Write, ptr};
 
 /// cbindgen:ignore
 #[used]
@@ -43,7 +43,7 @@ impl UR_Error {
     /// an invalid message. So the data pointed by `message` should be copied
     /// and `UR_Error` must be dropped.
     pub unsafe fn new(message: &dyn fmt::Display, kind: UR_ErrorKind) -> Self {
-        let error = &mut *ptr::addr_of_mut!(UR_ERROR);
+        let error = &mut *ptr::addr_of_mut!(UR_ERROR);
         error.clear();
 
         if write!(error, "{}", message).is_err() {
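Review bot: The new `let error = &mut *ptr::addr_of_mut!(UR_ERROR);` in the `@@ -43,7 +43,7 @@` hunk dereferences the raw pointer with no `unsafe` block, relying on the enclosing `unsafe fn`, whereas the equivalent lines this commit writes in secp256k1.rs, decoder.rs and encoder.rs all wrap the dereference in `unsafe { ... }`. Wrapping it here keeps the four sites consistent, keeps the operation visible to a reader who does not see the signature, and satisfies `unsafe_op_in_unsafe_fn` should it be enabled; the doc comment above already warns that a later call invalidates the message, which is the aliasing hazard a SAFETY note should name. Suggest `// SAFETY: single-threaded firmware; no other reference to UR_ERROR is live here.` followed by `let error = unsafe { &mut *ptr::addr_of_mut!(UR_ERROR) };`. `UR_Error::new` continues outside the hunk.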