remove unchecked-decode ff, fix nightly attributes

Cargo.toml

@@ -38,10 +38,10 @@ git = "https://github.com/main--/rust-lz-fear"
  #features = ["std", "safe-encode", "safe-decode", "frame"]
 
 [features]
-default = ["std", "safe-encode", "safe-decode", "frame"]
+default = ["std", "safe-encode", "safe-decode", "frame", "checked-decode"]
 safe-decode = []
 safe-encode = []
-#unchecked-decode = [] # Removes some checks for additional performance. Only enable on trusted input!
+checked-decode = [] # Adds important checks while decoding. Only remove on trusted input!
 frame = ["std", "dep:twox-hash"]
 std = []
 # use nightly compiler features

src/block/decompress.rs

@@ -53,7 +53,7 @@ fn wild_copy_from_src_16(mut source: *const u8, mut dst_ptr: *mut u8, num_items:
 
 /// Copy function, if the data start + match_length overlaps into output_ptr
 #[inline]
-#[cfg_attr(nightly, optimize(size))] // to avoid loop unrolling
+#[cfg_attr(feature = "nightly", optimize(size))] // to avoid loop unrolling
 unsafe fn duplicate_overlapping(
     output_ptr: &mut *mut u8,
     mut start: *const u8,
@@ -97,7 +97,7 @@ unsafe fn copy_from_dict(
     // If we're here we know offset > output pos, so we have at least 1 byte to copy from dict
     debug_assert!(output_ptr.offset_from(output_base) >= 0);
     debug_assert!(offset > output_ptr.offset_from(output_base) as usize);
-    // If unchecked-decode is not disabled we also know that the offset falls within ext_dict
+    // offset falls within ext_dict
     debug_assert!(ext_dict.len() + output_ptr.offset_from(output_base) as usize >= offset);
 
     let dict_offset = ext_dict.len() + output_ptr.offset_from(output_base) as usize - offset;
@@ -139,7 +139,7 @@ fn read_integer_ptr(
     loop {
         // We add the next byte until we get a byte which we add to the counting variable.
 
-        #[cfg(not(feature = "unchecked-decode"))]
+        // could be skipped with unchecked-decode
         {
             if *input_ptr >= _input_ptr_end {
                 return Err(DecompressError::ExpectedAnotherByte);
@@ -337,7 +337,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
                 literal_length += read_integer_ptr(&mut input_ptr, input_ptr_end)? as usize;
             }
 
-            #[cfg(not(feature = "unchecked-decode"))]
+            // could be skipped with unchecked-decode
             {
                 // Check if literal is out of bounds for the input, and if there is enough space on
                 // the output
@@ -366,7 +366,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
         }
 
         // Read duplicate section
-        #[cfg(not(feature = "unchecked-decode"))]
+        // could be skipped with unchecked-decode
         {
             if (input_ptr_end as usize) - (input_ptr as usize) < 2 {
                 return Err(DecompressError::ExpectedAnotherByte);
@@ -392,8 +392,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
         // by simply referencing the other location.
         let output_len = unsafe { output_ptr.offset_from(output_base) as usize };
 
-        // We'll do a bounds check except unchecked-decode is enabled.
-        #[cfg(not(feature = "unchecked-decode"))]
+        // could be skipped with unchecked-decode
         {
             if offset > output_len + ext_dict.len() {
                 return Err(DecompressError::OffsetOutOfBounds);
@@ -411,7 +410,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
                 copy_from_dict(output_base, &mut output_ptr, ext_dict, offset, match_length)
             };
             if copied == match_length {
-                #[cfg(not(feature = "unchecked-decode"))]
+                // could be skipped with unchecked-decode
                 {
                     if input_ptr >= input_ptr_end {
                         return Err(DecompressError::ExpectedAnotherByte);
@@ -434,7 +433,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
         unsafe {
             duplicate(&mut output_ptr, output_end, start_ptr, match_length);
         }
-        #[cfg(not(feature = "unchecked-decode"))]
+        // could be skipped with unchecked-decode
         {
             if input_ptr >= input_ptr_end {
                 return Err(DecompressError::ExpectedAnotherByte);
@@ -536,7 +535,6 @@ mod test {
     }
 
     // this error test is only valid with checked-decode.
-    #[cfg(not(feature = "unchecked-decode"))]
     #[test]
     fn offset_oob() {
         decompress(&[0x10, b'a', 2, 0], 4).unwrap_err();

src/block/decompress_safe.rs

@@ -182,7 +182,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
             if literal_length > input.len() - input_pos {
                 return Err(DecompressError::LiteralOutOfBounds);
             }
-            #[cfg(not(feature = "unchecked-decode"))]
+            // could be skipped with unchecked-decode
             if literal_length > output.capacity() - output.pos() {
                 return Err(DecompressError::OutputTooSmall {
                     expected: output.pos() + literal_length,
@@ -215,7 +215,7 @@ pub(crate) fn decompress_internal<const USE_DICT: bool, S: Sink>(
             match_length += read_integer(input, &mut input_pos)? as usize;
         }
 
-        #[cfg(not(feature = "unchecked-decode"))]
+        // could be skipped with unchecked-decode
         if output.pos() + match_length > output.capacity() {
             return Err(DecompressError::OutputTooSmall {
                 expected: output.pos() + match_length,

src/lib.rs

@@ -72,7 +72,7 @@
 #![deny(missing_docs)]
 #![cfg_attr(not(feature = "std"), no_std)]
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![cfg_attr(nightly, feature(optimize_attribute))]
+#![cfg_attr(feature = "nightly", feature(optimize_attribute))]
 
 #[cfg_attr(test, macro_use)]
 extern crate alloc;

src/sink.rs

@@ -187,7 +187,7 @@ impl<'a> Sink for SliceSink<'a> {
 
     #[inline]
     #[cfg(feature = "safe-decode")]
-    #[cfg_attr(nightly, optimize(size))] // to avoid loop unrolling
+    #[cfg_attr(feature = "nightly", optimize(size))] // to avoid loop unrolling
     fn extend_from_within_overlapping(&mut self, start: usize, num_bytes: usize) {
         let offset = self.pos - start;
         for i in start + offset..start + offset + num_bytes {

tests/tests.rs

@@ -319,7 +319,6 @@ fn print_compression_ration(input: &'static [u8], name: &str) {
 // }
 
 #[cfg(test)]
-#[cfg(not(feature = "unchecked-decode"))]
 mod checked_decode {
     use super::*;
 
@@ -507,13 +506,6 @@ fn test_decomp(data: &[u8]) {
 
 #[test]
 fn bug_fuzz_7() {
-    #[cfg(not(feature = "safe-decode"))]
-    {
-        #[cfg(feature = "unchecked-decode")]
-        {
-            return;
-        }
-    }
     let data = &[
         39, 0, 0, 0, 0, 0, 0, 237, 0, 0, 0, 0, 0, 0, 16, 0, 0, 4, 0, 0, 0, 39, 32, 0, 2, 0, 162, 5,
         36, 0, 0, 0, 0, 7, 0,
@@ -523,7 +515,7 @@ fn bug_fuzz_7() {
 }
 
 // TODO maybe also not panic for default feature flags
-#[cfg(all(not(feature = "safe-decode"), feature = "unchecked-decode"))]
+#[cfg(not(feature = "safe-decode"))]
 #[test]
 fn bug_fuzz_8() {
     let data = &[