Remove possible panic paths#82
Merged
RobertZ2011 merged 2 commits into OpenDevicePartnership:main, Dec 15, 2025
Force-pushed from 7f60804 to 22ddba0

felipebalbi previously approved these changes, Dec 10, 2025

asasine reviewed, Dec 12, 2025

danirobinson-odp approved these changes, Dec 12, 2025

Force-pushed from 22ddba0 to b04e9ec
Pull request overview

This PR removes potential panic paths from the codebase by replacing panic-inducing operations with checked alternatives that return errors instead.

Key changes:

- Replaced `Index`/`IndexMut` trait implementations with safe `get`/`get_mut` methods that return `Option`
- Changed `u32_from_str` to accept a byte array parameter instead of a string slice, eliminating runtime length panics
- Replaced unchecked array indexing with checked alternatives using `get`/`get_mut` throughout async code paths

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Summary per file:
| File | Description |
|---|---|
| src/stream.rs | Added panic safety comment and clippy allow directive for intentional zero-length slice indexing |
| src/registers/rx_caps.rs | Removed Index/IndexMut implementations that could panic; replaced with safe get/get_mut methods; introduced RxCapsError enum for better error handling |
| src/registers/autonegotiate_sink.rs | Updated unreachable comment and added comprehensive test coverage for PpsRequestInterval::from |
| src/lib.rs | Modified u32_from_str to accept byte array parameter instead of string slice, eliminating potential panic on length check |
| src/command/mod.rs | Removed duplicate u32_from_str function; updated all command constants to use byte array syntax |
| src/asynchronous/interrupt.rs | Replaced unchecked array indexing with checked get_mut that returns error on out-of-bounds access |
| src/asynchronous/internal/mod.rs | Added bounds checking to buffer operations in register read/write functions; updated error types to use RxCapsError |
| src/asynchronous/internal/command.rs | Added bounds checking to buffer slice operations in command result reading |
| src/asynchronous/fw_update.rs | Added comprehensive bounds checking to all buffer operations during firmware update process |
Force-pushed from b04e9ec to cb64612

Force-pushed from cb64612 to 8bef238

felipebalbi approved these changes, Dec 15, 2025

asasine approved these changes, Dec 15, 2025
This pull request focuses on improving safety and robustness throughout the codebase by replacing unchecked slice and array indexing with safe `.get()`/`.get_mut()` accessors and explicit error handling. It also simplifies the conversion of 4-byte string literals to `u32` constants, and updates several function signatures and trait implementations for consistency and correctness. Additionally, new unit tests have been added to ensure coverage of enum conversions.

Safety and Error Handling Improvements:

- `slice[start..end]`) with `.get()` or `.get_mut()` calls followed by `.ok_or(PdError::InvalidParams)?` or similar error handling in `fw_update.rs`, `internal/command.rs`, and `internal/mod.rs` to prevent panics from out-of-bounds access.
- `.get()` with error handling instead of manual bounds checks.

API and Type Consistency:

- `ExpectedPdo` as an error type to use `RxCapsError` for more accurate error reporting in `internal/mod.rs`.

String-to-u32 Conversion Simplification:

- `u32_from_str` to accept a `[u8; 4]` array instead of a `&str`, simplifying usage and eliminating panics from incorrect string lengths. Updated all call sites accordingly in `command/mod.rs` and `lib.rs`.

Testing and Code Quality:

- `PpsRequestInterval` enum to ensure all possible `u8` values are covered and no panics occur.
- `match` arm in `PpsRequestInterval` to clarify panic safety.

Minor Cleanups:

- `rx_caps.rs`.
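As an added illustration of the two patterns this PR applies (example code, not code from the repository), here is the before/after in plain Rust: a `u32_from_str` that takes `&str` and can only reject a bad length at runtime versus a `[u8; 4]` parameter that moves the check into the type, and an unchecked buffer slice versus a `.get()`/`.get_mut()` version mapped to `PdError::InvalidParams`. The byte order, the `PdError` definition, the sample command value and every function name other than `u32_from_str` are assumptions.

```rust
/// Stand-in for the crate's `PdError::InvalidParams` (assumed shape).
#[derive(Debug, PartialEq)]
pub enum PdError {
    InvalidParams,
}

/// Before: with a `&str` the length is only known at runtime, so a
/// 3- or 5-byte literal can only be caught by panicking here.
pub fn u32_from_str_panicking(s: &str) -> u32 {
    let b = s.as_bytes();
    assert_eq!(b.len(), 4, "command string must be exactly 4 bytes");
    u32::from_be_bytes([b[0], b[1], b[2], b[3]]) // big-endian is an assumption
}

/// After: `[u8; 4]` makes the length part of the type. A `b"..."` literal of
/// the wrong size no longer compiles, and the function needs no runtime check,
/// so it can be `const` and used to build command constants.
pub const fn u32_from_bytes(b: [u8; 4]) -> u32 {
    u32::from_be_bytes(b)
}

/// Constructed sample constant, not a real command from the crate.
pub const CMD_EXAMPLE: u32 = u32_from_bytes(*b"EXAM");

/// Before: direct slicing panics when `offset + len` runs past the buffer.
pub fn read_register_unchecked(buf: &[u8], offset: usize, len: usize) -> &[u8] {
    &buf[offset..offset + len]
}

/// After: checked arithmetic plus `.get()` turn every out-of-bounds case,
/// including overflow of `offset + len`, into `Err(PdError::InvalidParams)`.
pub fn read_register_checked(buf: &[u8], offset: usize, len: usize) -> Result<&[u8], PdError> {
    let end = offset.checked_add(len).ok_or(PdError::InvalidParams)?;
    buf.get(offset..end).ok_or(PdError::InvalidParams)
}

/// The `get_mut` form: copying a reply into a caller-supplied buffer.
pub fn write_into(dst: &mut [u8], offset: usize, src: &[u8]) -> Result<(), PdError> {
    let end = offset.checked_add(src.len()).ok_or(PdError::InvalidParams)?;
    dst.get_mut(offset..end)
        .ok_or(PdError::InvalidParams)?
        .copy_from_slice(src);
    Ok(())
}
```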