diff --git a/src/either.rs b/src/either.rs
index 935df28..5bf45b5 100644
--- a/src/either.rs
+++ b/src/either.rs
@@ -332,7 +332,7 @@ impl Either {
 Inl(l) => l,
 // SAFETY:
 // The caller is responsible for ensuring that the value is not `Inr`.
- Inr(_) => hint::unreachable_unchecked(),
+ Inr(_) => unsafe { hint::unreachable_unchecked() },
 }
 }
@@ -343,7 +343,7 @@ impl Either {
 match self {
 // SAFETY:
 // The caller is responsible for ensuring that the value is not `Inl`.
- Inl(_) => hint::unreachable_unchecked(),
+ Inl(_) => unsafe { hint::unreachable_unchecked() },
 Inr(r) => r,
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index 8271a2f..e46389f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,5 @@
+#![deny(unsafe_op_in_unsafe_fn)]
+
 #![cfg_attr(not(feature = "std"), no_std)]
 #[cfg(all(feature = "alloc", not(feature = "std")))]
diff --git a/src/strings/fixed.rs b/src/strings/fixed.rs
index b60744b..db4020c 100644
--- a/src/strings/fixed.rs
+++ b/src/strings/fixed.rs
@@ -24,7 +24,9 @@ impl FixedString {
 #[inline]
 pub unsafe fn from_raw_slice(bytes: &[u8]) -> Result {
 match bytes.try_into() {
- Ok(bytes) => Ok(Self::from_raw_array(bytes)),
+ // SAFETY:
+ // The caller is reponsible for ensuring that the provided bytes are valid UTF-8.
+ Ok(bytes) => unsafe { Ok(Self::from_raw_array(bytes)) },
 Err(_) => Err(Error {
 expected_len: N,
 actual_len: bytes.len(),
diff --git a/src/strings/inlining.rs b/src/strings/inlining.rs
index 7fa4b81..6d716b6 100644
--- a/src/strings/inlining.rs
+++ b/src/strings/inlining.rs
@@ -183,7 +183,7 @@ impl InliningString {
 // The caller is responsible for ensuring that `len` is less than or equal to
 // `Self::MAX_LEN`, which is no greater than `u8::MAX - 2`. If this contract is upheld,
 // `len + 1` can never overflow, so `len + 1` can never be zero.
- let discrim = NonZeroU8::new_unchecked(len + 1);
+ let discrim = unsafe { NonZeroU8::new_unchecked(len + 1) };
 Self {
 repr: Repr { inline: buf },
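Review bot: In src/either.rs both unchecked arms (`Inr(_)` in the hunk at line 332, `Inl(_)` in the hunk at line 343) go straight to `hint::unreachable_unchecked()`, so a caller that breaks the contract hits undefined behaviour, and nothing in these lines makes that fail visibly in tests. Consider `Inr(_) => { debug_assert!(false, "unchecked unwrap on the wrong Either variant"); unsafe { hint::unreachable_unchecked() } }` and the mirror image for `Inl(_)`, which panics in debug builds and leaves release code unchanged. The same idea applies to `NonZeroU8::new_unchecked(len + 1)` in src/strings/inlining.rs, where a `debug_assert!` on the `Self::MAX_LEN` bound described in the comment would catch an out-of-contract `len`. Both either.rs functions begin outside their hunks, so whether their `# Safety` docs state this contract could not be checked here.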
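Review bot: The new `#![deny(unsafe_op_in_unsafe_fn)]` in src/lib.rs forces explicit unsafe blocks, but nothing enforces the `// SAFETY:` comments this commit relies on to justify them. If the project runs clippy, adding `#![warn(clippy::undocumented_unsafe_blocks)]` next to it would flag any later unsafe block that lacks one. A short comment above the attribute, such as `// Every unsafe operation needs its own block and a SAFETY justification.`, would also record why the lint is denied crate-wide.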
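Review bot: In `from_raw_slice` (src/strings/fixed.rs) the new unsafe block wraps the whole `Ok(...)` expression rather than only the unsafe call; `Ok(bytes) => Ok(unsafe { Self::from_raw_array(bytes) }),` limits the block to the one operation the SAFETY comment justifies. The added comment also misspells "responsible" as "reponsible". That `from_raw_array` requires valid UTF-8 is inferred from the comment, since its definition is outside the hunk. The `match` continues past the hunk's last line.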