Fix 'array index out of bounds' error in fn next().
I've rewritten the Iterator impl to be a bit easier on the eyes and also prevent out of bounds access panics whilst iterating.
I do suspect there is a way to implement this without using unsafe code, but I haven't gotten to it yet.
Also:
- Created a proper BootInfoHeader struct, with a payload_len() method for convenience when constructing the chunk slice in the iterator
- Declares BootInfoExtraId enum as non_exhaustive
- Adds additional enum fields to match the C enum in bootinfo_types.h
Thanks for identifying this bug.
I'd like to avoid unsafe except where absolutely necessary. The reason for not using the sys::seL4_BootInfoHeader directly for reading the header is that casting arbitrary data to Rust structs is unsound. You can read more about why in the docs of the zerocopy crate, which provides a safe way to do this. However, I'd like to avoid unnecessary dependencies too, hence the manual way of doing it implemented in bootinfo.rs.
But I'm all for making the BootInfoExtraIter implementation more readable, provided that we don't introduce unnecessary usage of unsafe (or unnecessary dependencies like zerocopy).
In the meantime, do you have a fix for the bug without using unsafe?
Also, thanks for adding more enum variants to BootInfoExtraId. For those new variants, can we stick to the Rust convention of UpperCamelCase?
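
A bounds-checked iterator over header-prefixed chunks written without `unsafe`, as an added example that is not part of this thread or the project's code. It assumes each chunk starts with two little-endian 64-bit words (`id`, then `len` counting the header itself); `Header`, `ChunkIter`, `read_word` and `sample_chunk` are hypothetical names.

```rust
use std::convert::TryFrom;

// Assumed layout (not shown on the page): two little-endian u64 words,
// `id` then `len`, with `len` counting the header itself.
const HEADER_SIZE: usize = 16;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Header { pub id: u64, pub len: usize }

// Copy 8 bytes out of the slice instead of casting a pointer to a struct.
fn read_word(bytes: &[u8], offset: usize) -> Option<u64> {
    let mut word = [0u8; 8];
    word.copy_from_slice(bytes.get(offset..offset + 8)?);
    Some(u64::from_le_bytes(word))
}

impl Header {
    /// Parse from the front of `bytes`; `None` if fewer than 16 bytes remain.
    pub fn parse(bytes: &[u8]) -> Option<Self> {
        let id = read_word(bytes, 0)?;
        let len = usize::try_from(read_word(bytes, 8)?).ok()?;
        Some(Header { id, len })
    }
    /// `None` when `len` is smaller than the header, i.e. the chunk is malformed.
    pub fn payload_len(&self) -> Option<usize> { self.len.checked_sub(HEADER_SIZE) }
}

pub struct ChunkIter<'a> { pub rest: &'a [u8] }

impl<'a> Iterator for ChunkIter<'a> {
    type Item = (Header, &'a [u8]);
    fn next(&mut self) -> Option<Self::Item> {
        let rest = self.rest;
        let header = Header::parse(rest)?;   // fewer than 16 bytes left: stop
        header.payload_len()?;               // len < 16 would never advance
        let chunk = rest.get(..header.len)?; // len runs past the region: stop
        self.rest = &rest[header.len..];
        Some((header, &chunk[HEADER_SIZE..]))
    }
}

/// Constructed sample chunk: header followed by `payload`.
pub fn sample_chunk(id: u64, payload: &[u8]) -> Vec<u8> {
    let mut out = id.to_le_bytes().to_vec();
    out.extend_from_slice(&((HEADER_SIZE + payload.len()) as u64).to_le_bytes());
    out.extend_from_slice(payload);
    out
}
```

Every slice access goes through `get`, so a truncated or inconsistent `len` ends iteration instead of panicking.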