From 214c4a3c2997ea93c74192b773e49a942531d018 Mon Sep 17 00:00:00 2001
From: Khyber Sen
Date: Sat, 29 Jun 2024 22:32:45 -0700
Subject: [PATCH 1/4] `fn CArc::from_raw`: Add missing `unsafe` block.

---
 src/c_arc.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/c_arc.rs b/src/c_arc.rs
index 44aa46217..e30083780 100644
--- a/src/c_arc.rs
+++ b/src/c_arc.rs
@@ -212,7 +212,7 @@ impl CArc {
 pub unsafe fn from_raw(raw: RawCArc) -> Self {
 // Safety: The [`RawCArc`] contains the output of [`Arc::into_raw`],
 // so we can call [`Arc::from_raw`] on it.
- let owner = raw.0.into_arc();
+ let owner = unsafe { raw.0.into_arc() };
 owner.into()
 }
 }

From c083866f7d425930ad1c55ddcf0f300bf3df1f4e Mon Sep 17 00:00:00 2001
From: Khyber Sen
Date: Sat, 29 Jun 2024 22:33:10 -0700
Subject: [PATCH 2/4] `struct Free`: Add missing safety docs and comments and `unsafe` blocks.

---
 src/c_box.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/c_box.rs b/src/c_box.rs
index e6b7d3e83..82f7ff4df 100644
--- a/src/c_box.rs
+++ b/src/c_box.rs
@@ -15,8 +15,15 @@ pub struct Free {
 }
 
 impl Free {
+ /// # Safety
+ ///
+ /// `ptr` is a [`NonNull`]`` and `free` deallocates it.
+ /// It must not be used after this call as it is deallocated.
 pub unsafe fn free(&self, ptr: *mut c_void) {
- (self.free)(ptr as *const u8, self.cookie)
+ // SAFETY: `self` came from `CBox::from_c`,
+ // which requires `self.free` to deallocate the `NonNull` passed to it,
+ // and `self.cookie` to be passed to it, which it is.
+ unsafe { (self.free)(ptr as *const u8, self.cookie) }
 }
 }
 
@@ -85,7 +92,9 @@ impl CBox {
 /// # Safety
 ///
 /// `data` must be valid to dereference
- /// until `free` is called on it, which must deallocate it.
+ /// until `free.free` is called on it, which must deallocate it.
+ /// `free.free` is always called with `free.cookie`,
+ /// which must be accessed thread-safely.
 pub unsafe fn from_c(data: NonNull, free: Free) -> Self {
 Self::C {
 data,
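Review bot: The comment above the new `unsafe { raw.0.into_arc() }` justifies the block with a property of `RawCArc` but says nothing about what the caller of this `unsafe fn` must uphold, and that is the part that actually rules out a double free: the `Arc` may be reclaimed at most once per value produced by the matching `into_raw`. I would make the comment carry that obligation, e.g. `// SAFETY: caller guarantees raw was produced by the matching into_raw and is not passed to from_raw again, so the Arc is reclaimed exactly once.` Patch 2 in this series spells the marker `// SAFETY:`; keeping one spelling across the two modules keeps the blocks easy to grep for. The `/// # Safety` section of `from_raw`, if there is one, sits above the hunk and is not visible here.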
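Review bot: The new `# Safety` section on `Free::free` does not state a checkable caller obligation: `ptr` is a `*mut c_void`, so "is a NonNull" cannot be verified by the caller, and what the foreign deallocator actually needs is that `ptr` is exactly the `data` pointer that was passed to `CBox::from_c` together with this `Free` and has not been freed yet. I would replace the two doc lines with `/// ptr must be the pointer that was passed as data to CBox::from_c alongside this Free, must not have been freed already, and must not be used after this call.` The `// SAFETY:` comment rests on "`self` came from `CBox::from_c`", which only holds if a `Free` cannot be constructed any other way; the struct definition is outside the hunk, so if its fields are public the comment should instead say that `from_c`'s `# Safety` section is what makes this call sound.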
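Review bot: "which must be accessed thread-safely" in the extended `# Safety` section of `from_c` is too vague for a caller to act on, because it does not say who accesses `free.cookie` or from which thread. If `CBox` is `Send` (not visible in this hunk), the concrete requirement is that `free.free` may be invoked on a different thread from the one that called `from_c`, so I would write `/// free.free is always called with free.cookie, possibly from a different thread than this call,` followed by `/// so free.cookie must stay valid and be sound to pass to free.free from any thread until then.` The body of `from_c` continues past the end of the hunk.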
From e1b5a0f2077a645efa2ac7ffda7cb3d827bbb244 Mon Sep 17 00:00:00 2001
From: Khyber Sen
Date: Sat, 29 Jun 2024 22:33:23 -0700
Subject: [PATCH 3/4] `mod c_box`: Mark `#![deny(unsafe_op_in_unsafe_fn)]`.

---
 src/c_box.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/c_box.rs b/src/c_box.rs
index 82f7ff4df..4c0293fa8 100644
--- a/src/c_box.rs
+++ b/src/c_box.rs
@@ -1,3 +1,5 @@
+#![deny(unsafe_op_in_unsafe_fn)]
+
 use std::ffi::c_void;
 use std::marker::PhantomData;
 use std::ops::Deref;

From e19d07c3ea37ff53b20561ba50c3ffdd51568f03 Mon Sep 17 00:00:00 2001
From: Khyber Sen
Date: Sat, 29 Jun 2024 22:33:36 -0700
Subject: [PATCH 4/4] `mod c_arc`: Mark `#![deny(unsafe_op_in_unsafe_fn)]`.

---
 src/c_arc.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/c_arc.rs b/src/c_arc.rs
index e30083780..32e21d4e4 100644
--- a/src/c_arc.rs
+++ b/src/c_arc.rs
@@ -1,3 +1,5 @@
+#![deny(unsafe_op_in_unsafe_fn)]
+
 use crate::src::c_box::CBox;
 use crate::src::error::Rav1dResult;
 use std::marker::PhantomData;
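Review bot: `#![deny(unsafe_op_in_unsafe_fn)]` is added here as a per-file inner attribute, and patch 4 repeats it for `c_arc.rs`, so the check covers only these two modules and any other module with `unsafe fn` bodies, or one added later, stays unchecked. If the rest of the crate is already clean, I would hoist it to the crate root, or to `[lints.rust]` in `Cargo.toml` as `unsafe_op_in_unsafe_fn = "deny"` if the toolchain baseline allows the `[lints]` table, and drop the per-file copies. If other modules are not yet clean, a short comment saying this is an incremental rollout would explain why the attribute is per file.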