Re: [PATCH 3/3] rust: add WMI abstractions

[Gladyshev Ilya]

On 1/8/26 23:48, Kari Argillander wrote:
> On Wed, 7 Jan 2026 at 22:56, Gladyshev Ilya <foxido@xxxxxxxxxx> wrote:
> <snip>
>
> > +impl DeviceId {
> > +    /// Constructs new DeviceId from GUID string.
> > +    pub const fn new(guid: &[u8; bindings::UUID_STRING_LEN as usize]) -> Self {
> > +        // SAFETY: FFI type is valid to be zero-initialized.
> > +        let mut inner: bindings::wmi_device_id = unsafe { MaybeUninit::zeroed().assume_init() };
> > +
> > +        build_assert!(inner.guid_string.len() == bindings::UUID_STRING_LEN as usize + 1);
> > +
> > +        // SAFETY: It's safe to copy UUID_STRING_LEN, because we validated lengths.
> > +        // Also we leave last byte zeroed, so guid_string is valid C string.
> > +        unsafe {
> > +            ::core::ptr::copy_nonoverlapping(
> > +                guid.as_ptr(),
> > +                &raw mut inner.guid_string[0],
> > +                bindings::UUID_STRING_LEN as usize,
> > +            );
> > +        }
>
> Just use while here so no unsafe is needed at all. Then probably patch
> 1/3 is not needed.

Overall this operation is still unsafe because we are constructing C 
string in FFI object. So for me avoiding `unsafe` via less readable 
(imo) loop will just mask unsafe operation without any real benefits.

Ideally this function should receive c string and just validate it's 
length, but IIRC I had troubles with build-time validation of C string 
length

> > +
> > +        Self(inner)
> > +    }
> > +}