The high-level RayTracing filter struct is not marked unsafe, but performs absolutely no verification that the lengths of the passed-in slices in set_normal, set_albedo and execute actually match the image dimensions, so it's really easy to trigger segmentation faults and other nastiness in safe Rust.
It could be worth just adding length checks for each buffer/slice in execute to uphold Rust safety guarantees? It's not like it will matter performance-wise considering the code that follows.
The high-level
RayTracing
filter struct is not marked unsafe, but performs absolutely no verification that the lengths of the passed-in slices inset_normal
,set_albedo
andexecute
actually match the image dimensions, so it's really easy to trigger segmentation faults and other nastiness in safe Rust.It could be worth just adding length checks for each buffer/slice in
execute
to uphold Rust safety guarantees? It's not like it will matter performance-wise considering the code that follows.