@@ -449,7 +449,11 @@ impl MessageReader {
449449 }
450450
451451 /// Called when we receive an IO Completion Packet for this handle.
452- fn notify_completion ( & mut self , err : u32 ) -> Result < ( ) , WinError > {
452+ ///
453+ /// Unsafe, since as far as I can tell, the soundness of this method
454+ /// relies on the validity of the `self` object (specifically, `self.ov`)
455+ /// passed in by the caller.
456+ unsafe fn notify_completion ( & mut self , err : u32 ) -> Result < ( ) , WinError > {
453457 win32_trace ! ( "[$ {:?}] notify_completion" , self . handle) ;
454458
455459 // mark a read as no longer in progress even before we check errors
@@ -472,13 +476,11 @@ impl MessageReader {
472476 panic ! ( "[$ {:?}] *** notify_completion: unhandled error reported! {}" , self . handle, err) ;
473477 }
474478
475- unsafe {
476- let new_size = self . read_buf . len ( ) + nbytes as usize ;
477- win32_trace ! ( "nbytes: {}, offset {}, buf len {}->{}, capacity {}" ,
478- nbytes, offset, self . read_buf. len( ) , new_size, self . read_buf. capacity( ) ) ;
479- assert ! ( new_size <= self . read_buf. capacity( ) ) ;
480- self . read_buf . set_len ( new_size) ;
481- }
479+ let new_size = self . read_buf . len ( ) + nbytes as usize ;
480+ win32_trace ! ( "nbytes: {}, offset {}, buf len {}->{}, capacity {}" ,
481+ nbytes, offset, self . read_buf. len( ) , new_size, self . read_buf. capacity( ) ) ;
482+ assert ! ( new_size <= self . read_buf. capacity( ) ) ;
483+ self . read_buf . set_len ( new_size) ;
482484
483485 Ok ( ( ) )
484486 }
@@ -1213,7 +1215,7 @@ impl OsIpcReceiverSet {
12131215 win32_trace ! ( "[# {:?}] result for receiver {:?}" , * self . iocp, * reader. handle) ;
12141216
12151217 // tell it about the completed IO op
1216- try!( reader. notify_completion ( io_err) ) ;
1218+ unsafe { try!( reader. notify_completion ( io_err) ) ; }
12171219
12181220 // then drain as many messages as we can
12191221 loop {
0 commit comments