diff --git a/src/libstd/ffi/os_str.rs b/src/libstd/ffi/os_str.rs index 45417403c1084..0fbe8e5dd83e8 100644 --- a/src/libstd/ffi/os_str.rs +++ b/src/libstd/ffi/os_str.rs @@ -534,6 +534,8 @@ impl OsStr { fn from_inner_mut(inner: &mut Slice) -> &mut OsStr { // Safety: OsStr is just a wrapper of Slice, // therefore converting &mut Slice to &mut OsStr is safe. + // Any method that mutates OsStr must be careful not to + // break platform-specific encoding, in particular Wtf8 on Windows. unsafe { &mut *(inner as *mut Slice as *mut OsStr) } } diff --git a/src/libstd/sys/windows/os_str.rs b/src/libstd/sys/windows/os_str.rs index 2820d2b5fe967..ff6885cb27477 100644 --- a/src/libstd/sys/windows/os_str.rs +++ b/src/libstd/sys/windows/os_str.rs @@ -87,6 +87,8 @@ impl Buf { // Safety: Slice is just a wrapper for Wtf8, // and self.inner.as_mut_slice() returns &mut Wtf8. // Therefore, transmuting &mut Wtf8 to &mut Slice is safe. + // Additionally, care should be taken to ensure the slice + // is always valid Wtf8. unsafe { mem::transmute(self.inner.as_mut_slice()) } }