From 8c3a9c1c93949d449a852cc9856e47527777fac4 Mon Sep 17 00:00:00 2001
From: Jubilee Young <workingjubilee@gmail.com>
Date: Sun, 14 Jul 2024 17:14:55 -0700
Subject: [PATCH] std: Unsafe-wrap std::io

---
 std/src/io/buffered/bufwriter.rs   | 8 +++++---
 std/src/io/cursor.rs               | 2 +-
 std/src/io/error/repr_bitpacked.rs | 7 +++++--
 std/src/io/mod.rs                  | 5 ++---
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/std/src/io/buffered/bufwriter.rs b/std/src/io/buffered/bufwriter.rs
index 1768bb05ddbcb..a8680e9b6ead1 100644
--- a/std/src/io/buffered/bufwriter.rs
+++ b/std/src/io/buffered/bufwriter.rs
@@ -433,9 +433,11 @@ impl<W: ?Sized + Write> BufWriter<W> {
         let old_len = self.buf.len();
         let buf_len = buf.len();
         let src = buf.as_ptr();
-        let dst = self.buf.as_mut_ptr().add(old_len);
-        ptr::copy_nonoverlapping(src, dst, buf_len);
-        self.buf.set_len(old_len + buf_len);
+        unsafe {
+            let dst = self.buf.as_mut_ptr().add(old_len);
+            ptr::copy_nonoverlapping(src, dst, buf_len);
+            self.buf.set_len(old_len + buf_len);
+        }
     }
 
     #[inline]
diff --git a/std/src/io/cursor.rs b/std/src/io/cursor.rs
index a1a8b2a3505c7..2ed64a40495ef 100644
--- a/std/src/io/cursor.rs
+++ b/std/src/io/cursor.rs
@@ -482,7 +482,7 @@ where
     A: Allocator,
 {
     debug_assert!(vec.capacity() >= pos + buf.len());
-    vec.as_mut_ptr().add(pos).copy_from(buf.as_ptr(), buf.len());
+    unsafe { vec.as_mut_ptr().add(pos).copy_from(buf.as_ptr(), buf.len()) };
     pos + buf.len()
 }
 
diff --git a/std/src/io/error/repr_bitpacked.rs b/std/src/io/error/repr_bitpacked.rs
index a5cefe2292be4..fbb74967df3f1 100644
--- a/std/src/io/error/repr_bitpacked.rs
+++ b/std/src/io/error/repr_bitpacked.rs
@@ -267,11 +267,14 @@ where
                 // Using this rather than unwrap meaningfully improves the code
                 // for callers which only care about one variant (usually
                 // `Custom`)
-                core::hint::unreachable_unchecked();
+                unsafe { core::hint::unreachable_unchecked() };
             });
             ErrorData::Simple(kind)
         }
-        TAG_SIMPLE_MESSAGE => ErrorData::SimpleMessage(&*ptr.cast::<SimpleMessage>().as_ptr()),
+        TAG_SIMPLE_MESSAGE => {
+            // SAFETY: per tag
+            unsafe { ErrorData::SimpleMessage(&*ptr.cast::<SimpleMessage>().as_ptr()) }
+        }
         TAG_CUSTOM => {
             // It would be correct for us to use `ptr::byte_sub` here (see the
             // comment above the `wrapping_add` call in `new_custom` for why),
diff --git a/std/src/io/mod.rs b/std/src/io/mod.rs
index d69c98ce79e69..1345a30361e28 100644
--- a/std/src/io/mod.rs
+++ b/std/src/io/mod.rs
@@ -293,7 +293,6 @@
 //! [`Arc`]: crate::sync::Arc
 
 #![stable(feature = "rust1", since = "1.0.0")]
-#![allow(unsafe_op_in_unsafe_fn)]
 
 #[cfg(test)]
 mod tests;
@@ -383,11 +382,11 @@ pub(crate) unsafe fn append_to_string<F>(buf: &mut String, f: F) -> Result<usize
 where
     F: FnOnce(&mut Vec<u8>) -> Result<usize>,
 {
-    let mut g = Guard { len: buf.len(), buf: buf.as_mut_vec() };
+    let mut g = Guard { len: buf.len(), buf: unsafe { buf.as_mut_vec() } };
     let ret = f(g.buf);
 
     // SAFETY: the caller promises to only append data to `buf`
-    let appended = g.buf.get_unchecked(g.len..);
+    let appended = unsafe { g.buf.get_unchecked(g.len..) };
     if str::from_utf8(appended).is_err() {
         ret.and_then(|_| Err(Error::INVALID_UTF8))
     } else {