Document safety requirements

src/header/sys_timeb/mod.rs

@@ -28,12 +28,20 @@ pub struct timeb {
 }
 
 /// See <https://pubs.opengroup.org/onlinepubs/009695399/functions/ftime.html>.
+///
+/// # Safety
+/// The caller must ensure that `tp` is convertible to a `&mut
+/// MaybeUninit<timeb>`.
 #[no_mangle]
 pub unsafe extern "C" fn ftime(tp: *mut timeb) -> c_int {
+    // SAFETY: the caller is required to ensure that the pointer is valid.
     let tp_maybe_uninit = unsafe { NonNull::new_unchecked(tp).as_uninit_mut() };
 
     let mut tv = timeval::default();
     let mut tz = timezone::default();
+
+    // SAFETY: tv and tz are created above, and thus will coerce to valid
+    // pointers.
     if unsafe { gettimeofday(&mut tv, &mut tz) } < 0 {
         return -1;
     }