Linting fixes and alignment testing

itsibitzi · itsibitzi · commit aa215ce7fa3b · 2025-07-24T10:01:28.000+01:00
Clippy wants explicit types on transmute calls (reasonable).

Fixed issue where from_raw_parts was upset about misaligned slices. I
think for all platforms we're targetting the alignment of the buckets
doesn't matter. This was fixed by not casting the byte buffer pointer to
the correct type and instead transmuting after the fact.

Fix alignment and unsafe transmutes

The changes focus on making alignment handling more safe and explicit in
unsafe code blocks, while also adding test coverage for alignment
issues. Fix unsafe transmutes and alignment in bitvec module

The changes improve type safety in unsafe transmutes and add alignment
tests for raw pointer conversions. This fixes potential undefined
behavior when converting between slice types.
diff --git a/crates/geo_filters/src/diff_count.rs b/crates/geo_filters/src/diff_count.rs
@@ -371,6 +371,8 @@ impl<C: GeoConfig<Diff>> Count<Diff> for GeoDiffCount<'_, C> {
 
 #[cfg(test)]
 mod tests {
+    use std::io::Write;
+
     use itertools::Itertools;
     use rand::{seq::IteratorRandom, RngCore, SeedableRng};
 
@@ -627,9 +629,18 @@ mod tests {
             }
 
             let mut writer = vec![];
+
+            // Insert some padding to emulate alignment issues with the slices
+            // A previous version of this test never panicked even though we were
+            // violating the alignment preconditions for the `from_raw_parts` function
+            let pad = (0..8).choose(&mut rnd).unwrap();
+            for _ in 0..pad {
+                writer.write(&[0x0]).unwrap();
+            }
+
             before.write(&mut writer).unwrap();
 
-            let after = GeoDiffCount::<'_, C>::from_bytes(before.config.clone(), &writer);
+            let after = GeoDiffCount::<'_, C>::from_bytes(before.config.clone(), &writer[pad..]);
 
             assert_eq!(before, after);
         }
diff --git a/crates/geo_filters/src/diff_count/bitvec.rs b/crates/geo_filters/src/diff_count/bitvec.rs
@@ -172,7 +172,7 @@ impl BitVec<'_> {
         );
 
         let blocks = unsafe {
-            std::mem::transmute(std::slice::from_raw_parts(
+            std::mem::transmute::<&[u8], &[u64]>(std::slice::from_raw_parts(
                 buf.as_ptr(),
                 buf.len() / BYTES_PER_BLOCK,
             ))
diff --git a/crates/geo_filters/src/diff_count/serde.rs b/crates/geo_filters/src/diff_count/serde.rs
@@ -27,8 +27,12 @@ impl<'a, C: GeoConfig<Diff>> GeoDiffCount<'a, C> {
         // The number of most significant bits stores in the MSB sparse repr
         let msb_len = (buf.len() / size_of::<C::BucketType>()).min(c.max_msb_len());
 
-        let msb =
-            unsafe { std::slice::from_raw_parts(buf.as_ptr() as *const C::BucketType, msb_len) };
+        let msb = unsafe {
+            std::mem::transmute::<&[u8], &[C::BucketType]>(std::slice::from_raw_parts(
+                buf.as_ptr(),
+                msb_len,
+            ))
+        };
 
         // The number of bytes representing the MSB - this is how many bytes we need to
         // skip over to reach the LSB
@@ -55,10 +59,7 @@ impl<'a, C: GeoConfig<Diff>> GeoDiffCount<'a, C> {
 
         let msb_buckets = self.msb.deref();
         let msb_bytes = unsafe {
-            std::slice::from_raw_parts(
-                msb_buckets.as_ptr() as *const u8,
-                msb_buckets.len() * size_of::<C::BucketType>(),
-            )
+            std::slice::from_raw_parts(msb_buckets.as_ptr() as *const u8, size_of_val(msb_buckets))
         };
         writer.write_all(msb_bytes)?;
 
