From 73d937dc332d14c9e6e9bcf3871b99033399f924 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Flemstr=C3=B6m?=
Date: Fri, 28 Jun 2024 21:10:41 +0200
Subject: [PATCH] Remove implicit bounds checking from rcc module

---
 embassy-stm32/src/rcc/mod.rs | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/embassy-stm32/src/rcc/mod.rs b/embassy-stm32/src/rcc/mod.rs
index 0bf344c40..c29d31fd9 100644
--- a/embassy-stm32/src/rcc/mod.rs
+++ b/embassy-stm32/src/rcc/mod.rs
@@ -138,11 +138,17 @@ impl RccInfo {
 pub(crate) fn enable_and_reset_with_cs(&self, _cs: CriticalSection) {
 if self.refcount_idx_or_0xff != 0xff {
 let refcount_idx = self.refcount_idx_or_0xff as usize;
- unsafe {
- crate::_generated::REFCOUNTS[refcount_idx] += 1;
- }
- if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 1 {
- return;
+
+ // Use .get_mut instead of []-operator so that we control how bounds checks happen.
+ // Otherwise, core::fmt will be pulled in here in order to format the integer in the
+ // out-of-bounds error.
+ if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
+ *refcount += 1;
+ if *refcount > 1 {
+ return;
+ }
+ } else {
+ panic!("refcount_idx out of bounds: {}", refcount_idx)
 }
 }

@@ -196,11 +202,15 @@ impl RccInfo {
 pub(crate) fn disable_with_cs(&self, _cs: CriticalSection) {
 if self.refcount_idx_or_0xff != 0xff {
 let refcount_idx = self.refcount_idx_or_0xff as usize;
- unsafe {
- crate::_generated::REFCOUNTS[refcount_idx] -= 1;
- }
- if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 0 {
- return;
+
+ // Use .get_mut instead of []-operator so that we control how bounds checks happen.
+ // Otherwise, core::fmt will be pulled in here in order to format the integer in the
+ // out-of-bounds error.
+ if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
+ *refcount -= 1;
+ if *refcount > 0 {
+ return;
+ }
 }
 }
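Review bot: The new `unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx)` in enable_and_reset_with_cs appears to act on a copy rather than on the static. A block expression yields a value, so if REFCOUNTS is a `static mut` array of a Copy integer type (its declaration is not in the hunk), the array is copied into a temporary and `*refcount += 1` is lost when that temporary is dropped. The stored count would then never exceed 1, so every call would continue into the enable-and-reset path below the hunk even when another driver already holds the peripheral, and the same expression in disable_with_cs (second hunk) would decrement a zero in the copy. Taking the place through a raw pointer keeps the explicit bounds check and updates the real counter: `if let Some(refcount) = unsafe { (*core::ptr::addr_of_mut!(crate::_generated::REFCOUNTS)).get_mut(refcount_idx) } {`. The function body continues past the end of the hunk.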
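Review bot: disable_with_cs has no `else` arm on the `get_mut` lookup, so an out-of-range `refcount_idx` falls through to the rest of the function as if the peripheral had no refcount, while enable_and_reset_with_cs panics on the same condition. Handling both alike makes a mis-generated or corrupted index fail loudly instead of presumably disabling a clock that is still shared: `} else { panic!("refcount_idx out of bounds") }`. A message without `{}` would also suit the enable path, since formatting `refcount_idx` there brings back the integer formatting that the added comment says the change is meant to avoid. The rest of disable_with_cs lies outside the hunk.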