some safety comments

author: Jesse Luehrs <doy@tozt.net> 2022-01-05 00:36:02 -0500
committer: Jesse Luehrs <doy@tozt.net> 2022-01-05 00:36:02 -0500
commit: 21399914b08addbcab41acac1824d5ee53c099fe (patch)
tree: fa7eed78fb276d1f0df1cb9300d5c2e95447972f /src/pipeline/mod.rs
parent: d3139886c7d2b5cc79463d32f0b525baa4c27f3c (diff)
download: nbsh-21399914b08addbcab41acac1824d5ee53c099fe.tar.gz
nbsh-21399914b08addbcab41acac1824d5ee53c099fe.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/pipeline/mod.rs b/src/pipeline/mod.rs
index ba69f52..62e246f 100644
--- a/src/pipeline/mod.rs
+++ b/src/pipeline/mod.rs
@@ -16,6 +16,7 @@ mod command;
 pub use command::{Child, Command};
 
 pub async fn run() -> anyhow::Result<i32> {
+    // Safety: we don't create File instances for fd 3 or 4 anywhere else
     let shell_read = unsafe { async_std::fs::File::from_raw_fd(3) };
     let shell_write = unsafe { async_std::fs::File::from_raw_fd(4) };
 
@@ -234,9 +235,9 @@ async fn wait_children(
 
 fn pipe() -> anyhow::Result<(std::fs::File, std::fs::File)> {
     let (r, w) = nix::unistd::pipe2(nix::fcntl::OFlag::O_CLOEXEC)?;
-    // Safety: these file descriptors were just returned by pipe2 above, which
-    // means they must be valid otherwise that call would have returned an
-    // error
+    // Safety: these file descriptors were just returned by pipe2 above, and
+    // are only available in this function, so nothing else can be accessing
+    // them
     Ok((unsafe { std::fs::File::from_raw_fd(r) }, unsafe {
         std::fs::File::from_raw_fd(w)
     }))
author	Jesse Luehrs <doy@tozt.net>	2022-01-05 00:36:02 -0500
committer	Jesse Luehrs <doy@tozt.net>	2022-01-05 00:36:02 -0500
commit	21399914b08addbcab41acac1824d5ee53c099fe (patch)
tree	fa7eed78fb276d1f0df1cb9300d5c2e95447972f /src/pipeline/mod.rs
parent	d3139886c7d2b5cc79463d32f0b525baa4c27f3c (diff)
download	nbsh-21399914b08addbcab41acac1824d5ee53c099fe.tar.gz nbsh-21399914b08addbcab41acac1824d5ee53c099fe.zip