embedded-service hid: audit panic paths #658
Merged
jerrysxie merged 3 commits into OpenDevicePartnership:main from Dec 22, 2025
Pull request overview
This PR audits and removes panic paths in the HID service code by replacing unwrap() calls with proper error handling and documenting remaining indexing operations with panic safety comments and clippy allow attributes.
- Replaces unwrap() calls with ok_or() and proper error types in command parsing
- Adds panic safety comments and clippy allow attributes to justified indexing operations
- Converts unsafe indexing to safe get_mut() for SetPower command encoding
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| embedded-service/src/hid/mod.rs | Adds panic safety comments and clippy allow attributes to descriptor encode/decode functions |
| embedded-service/src/hid/command.rs | Replaces unwrap() calls with proper error handling in command parsing; adds panic safety comments to encoding helper functions; converts SetPower encoding to use safe indexing |
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
madeleyneVaca approved these changes Dec 22, 2025
asasine approved these changes Dec 22, 2025
This pull request improves error handling and code safety in the HID command and descriptor encoding/decoding logic. The main changes include replacing unsafe unwrap() calls with proper error handling, and documenting/pacifying potential panics when using slice indexing. These updates make the code more robust and easier to maintain.

Error handling improvements:
- unwrap() calls on Option values with ok_or and appropriate error variants in the Command::from_opcode logic, preventing panics when required fields are missing.

Code safety and documentation:
- indexing_slicing lint in all encoding/decoding functions that use slice indexing, ensuring that buffer length checks are always performed before accessing slices.

Buffer access validation:
- Command::SetPower encoding to use get_mut with error handling instead of direct slice indexing, ensuring the buffer is large enough before writing.
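
The three patterns this PR describes (`ok_or` in place of `unwrap()`, `get_mut` in place of direct indexing, and a length check that justifies an `indexing_slicing` allow), shown as an added example that is not the embedded-service code. The types, function names, opcode values and 2-byte layout are all assumptions made for illustration.

```rust
// Added illustration: names, opcodes and layout are hypothetical, not embedded-service's.
#[derive(Debug, PartialEq)]
pub enum CmdError { MissingField, BufferTooSmall, UnknownOpcode(u8) }
#[derive(Debug, PartialEq)]
pub enum Command { GetReport { report_id: u8 }, SetPower { sleep: bool } }

const OP_GET_REPORT: u8 = 0x02; // constructed opcode values
const OP_SET_POWER: u8 = 0x08;

impl Command {
    /// A missing opcode-specific field becomes an error via `ok_or`, not `unwrap()`.
    pub fn from_opcode(opcode: u8, field: Option<u8>) -> Result<Self, CmdError> {
        match opcode {
            OP_GET_REPORT => Ok(Command::GetReport {
                report_id: field.ok_or(CmdError::MissingField)?,
            }),
            OP_SET_POWER => Ok(Command::SetPower {
                sleep: field.ok_or(CmdError::MissingField)? != 0,
            }),
            other => Err(CmdError::UnknownOpcode(other)),
        }
    }
    /// Writes the command into `buf` and returns the number of bytes used.
    pub fn encode(&self, buf: &mut [u8]) -> Result<usize, CmdError> {
        match *self {
            Command::SetPower { sleep } => {
                // `get_mut` yields None on a short buffer instead of panicking.
                let dst = buf.get_mut(..2).ok_or(CmdError::BufferTooSmall)?;
                dst.copy_from_slice(&[u8::from(sleep), OP_SET_POWER]);
                Ok(2)
            }
            Command::GetReport { report_id } => encode_get_report(buf, report_id),
        }
    }
}

// Panic safety: the length check below guarantees indices 0 and 1 exist.
#[allow(clippy::indexing_slicing)]
fn encode_get_report(buf: &mut [u8], report_id: u8) -> Result<usize, CmdError> {
    if buf.len() < 2 { return Err(CmdError::BufferTooSmall); }
    buf[0] = report_id;
    buf[1] = OP_GET_REPORT;
    Ok(2)
}

fn main() {
    let mut short = [0u8; 1]; // deliberately too small for any command
    println!("{:?}", Command::SetPower { sleep: true }.encode(&mut short));
    println!("{:?}", Command::from_opcode(OP_GET_REPORT, None));
}
```

Both calls in `main` return an `Err` value where the `unwrap()` and direct-indexing forms would have panicked.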