requirements

Author: molpopgen

src/sys/mod.rs

@@ -137,6 +137,19 @@ pub unsafe fn tsk_column_access<
     tsk_column_access_detail(row, column, column_length).map(|v| v.into())
 }
 
+/// # SAFETY
+///
+/// The safety requirements here are a bit fiddly.
+///
+/// The hard case is when the columns contain data:
+///
+/// * column and offset must both not be NULL
+/// * column_length and offset_length must both be
+///   the correct lengths for the input pointers
+/// * we return None if row < 0 or row > array length.
+///
+/// When the lengths of each column are 0, we
+/// don't worry about anything else
 unsafe fn tsk_ragged_column_access_detail<
     R: Into<bindings::tsk_id_t>,
     L: Into<bindings::tsk_size_t>,
@@ -175,6 +188,7 @@ unsafe fn tsk_ragged_column_access_detail<
     }
 }
 
+// SAFETY: see tsk_ragged_column_access_detail
 pub unsafe fn tsk_ragged_column_access<
     'a,
     O,
@@ -188,9 +202,12 @@ pub unsafe fn tsk_ragged_column_access<
     offset: *const bindings::tsk_size_t,
     offset_length: bindings::tsk_size_t,
 ) -> Option<&'a [O]> {
-    // SAFETY: see tsk_ragged_column_access_detail
-    tsk_ragged_column_access_detail(row, column, column_length, offset, offset_length)
-        .map(|(p, n)| unsafe { std::slice::from_raw_parts(p.cast::<O>(), n) })
+    unsafe {
+        tsk_ragged_column_access_detail(row, column, column_length, offset, offset_length)
+            // If the safety requirements of tsk_ragged_column_access_detail are upheld,
+            // then we have received a valid pointer + length from which to make a slice
+            .map(|(p, n)| std::slice::from_raw_parts(p.cast::<O>(), n))
+    }
 }
 
 /// # SAFETY