From f8622a80c7e26c6f5e0a7c52ec97e39abf98eef3 Mon Sep 17 00:00:00 2001
From: Jason White <jasonwhite@fb.com>
Date: Tue, 12 Sep 2023 14:49:35 -0700
Subject: [PATCH] ci: Fix clippy warnings

---
 reverie-process/src/fd.rs            | 45 ++++++++++++++++++++--------
 reverie-process/src/lib.rs           |  5 ++--
 reverie-process/src/mount.rs         |  4 +--
 reverie-process/src/seccomp/notif.rs |  2 +-
 4 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/reverie-process/src/fd.rs b/reverie-process/src/fd.rs
index 2905779..1e98ebb 100644
--- a/reverie-process/src/fd.rs
+++ b/reverie-process/src/fd.rs
@@ -10,7 +10,6 @@ use core::pin::Pin;
 use core::task::Context;
 use core::task::Poll;
 use std::ffi::CStr;
-use std::ffi::CString;
 use std::io;
 use std::io::Read;
 use std::io::Write;
@@ -378,20 +377,37 @@ pub fn is_dir(path: *const libc::c_char) -> bool {
     }
 }
 
-fn cstring_as_slice(s: &mut CString) -> &mut [libc::c_char] {
-    let bytes = s.as_bytes_with_nul();
-    unsafe {
-        // This is safe because we are already provided a mutable `CString` and
-        // we don't alias the two mutable references.
-        core::slice::from_raw_parts_mut(bytes.as_ptr() as *mut libc::c_char, bytes.len())
+/// Copies the bytes of a `CStr` to a buffer. Helpful to avoid allocations when
+/// performing path operations in a child process that hasn't called `execve`
+/// yet.
+fn copy_cstr_to_slice<'a>(
+    s: &CStr,
+    buf: &'a mut [libc::c_char],
+) -> Result<&'a mut [libc::c_char], Errno> {
+    let bytes = s.to_bytes_with_nul();
+
+    if bytes.len() > buf.len() {
+        return Err(Errno::ENAMETOOLONG);
     }
+
+    unsafe {
+        core::ptr::copy_nonoverlapping(
+            bytes.as_ptr() as *const libc::c_char,
+            buf.as_mut_ptr(),
+            bytes.len(),
+        )
+    };
+
+    Ok(&mut buf[0..bytes.len()])
 }
 
 /// Creates every path component in `path` without allocating. This is done by
-/// replacing each `/` with a NUL terminator as needed (and then changing the
-/// `\0` back to `/` afterwards).
-pub fn create_dir_all(path: &mut CString, mode: libc::mode_t) -> Result<(), Errno> {
-    create_dir_all_(cstring_as_slice(path), mode)
+/// copying the path to a static buffer and replacing each `/` with a NUL
+/// terminator as needed (and then changing the `\0` back to `/` afterwards).
+pub fn create_dir_all(path: &CStr, mode: libc::mode_t) -> Result<(), Errno> {
+    let mut buf = ['\0' as libc::c_char; libc::PATH_MAX as usize];
+    let path = copy_cstr_to_slice(path, &mut buf)?;
+    create_dir_all_(path, mode)
 }
 
 /// Helper function. The last character in the path is always `\0`.
@@ -431,11 +447,13 @@ fn create_dir_all_(path: &mut [libc::c_char], mode: libc::mode_t) -> Result<(),
 
 /// Creates an empty file at `path` without allocating.
 pub fn touch_path(
-    path: &mut CString,
+    path: &CStr,
     file_mode: libc::mode_t,
     dir_mode: libc::mode_t,
 ) -> Result<(), Errno> {
-    touch_path_(cstring_as_slice(path), file_mode, dir_mode)
+    let mut buf = ['\0' as libc::c_char; libc::PATH_MAX as usize];
+    let path = copy_cstr_to_slice(path, &mut buf)?;
+    touch_path_(path, file_mode, dir_mode)
 }
 
 /// Helper function. The last character in the path is always `\0`.
@@ -493,6 +511,7 @@ where
 
 #[cfg(test)]
 mod tests {
+    use std::ffi::CString;
     use std::os::unix::ffi::OsStrExt;
 
     use const_cstr::const_cstr;
diff --git a/reverie-process/src/lib.rs b/reverie-process/src/lib.rs
index 7d10535..758eb56 100644
--- a/reverie-process/src/lib.rs
+++ b/reverie-process/src/lib.rs
@@ -227,9 +227,7 @@ mod tests {
             .trim_end()
             .split('\n')
             .map(|line| {
-                let mut items = line.splitn(2, ':');
-                let first = items.next().unwrap();
-                let second = items.next().unwrap();
+                let (first, second) = line.split_once(':').unwrap();
                 (first, second.trim())
             })
             .collect()
@@ -655,6 +653,7 @@ mod tests {
             .arg("/proc/self/status")
             .seccomp(filter)
             .seccomp_notify()
+            .stdout(Stdio::null())
             .spawn()
             .unwrap();
 
diff --git a/reverie-process/src/mount.rs b/reverie-process/src/mount.rs
index 4b533c5..3591ecc 100644
--- a/reverie-process/src/mount.rs
+++ b/reverie-process/src/mount.rs
@@ -292,9 +292,9 @@ impl Mount {
             // a different tmpfs.
             if let Some(src) = &self.source {
                 if FileType::new(src.as_ptr())?.is_dir() {
-                    create_dir_all(&mut self.target, 0o777)?;
+                    create_dir_all(&self.target, 0o777)?;
                 } else {
-                    touch_path(&mut self.target, 0o666, 0o777)?;
+                    touch_path(&self.target, 0o666, 0o777)?;
                 }
             }
         }
diff --git a/reverie-process/src/seccomp/notif.rs b/reverie-process/src/seccomp/notif.rs
index c6ae01c..570ecc2 100644
--- a/reverie-process/src/seccomp/notif.rs
+++ b/reverie-process/src/seccomp/notif.rs
@@ -283,7 +283,7 @@ impl futures::stream::Stream for SeccompNotif {
 /// currently pending, the operation blocks until an event occurs.
 ///
 /// NOTE: This is only available since Linux 5.0.
-fn seccomp_notif_recv(fd: &mut Fd) -> io::Result<seccomp_notif> {
+fn seccomp_notif_recv(fd: &Fd) -> io::Result<seccomp_notif> {
     // According to the docs, this struct must be zeroed out first.
     let mut response = core::mem::MaybeUninit::<seccomp_notif>::zeroed();