Skip to content

Commit

Permalink
Rollup merge of #72963 - poliorcetics:cstring-from-raw, r=dtolnay
Browse files Browse the repository at this point in the history 
Cstring `from_raw` and `into_raw` safety precisions

Fixes #48525.
Fixes #68456.

This issue had two points:

- The one about `from_raw` has been addressed (I hope).
- The other one, about `into_raw`, has only been partially fixed.

About `into_raw`: the idea was to:

> steer users away from using the pattern of CString::{into_raw,from_raw} when interfacing with C APIs that may change the effective length of the string by writing interior NULs or erasing the final NUL

I tried making a `Vec<c_char>` like suggested but my current solution feels very unsafe and *hacky* to me (most notably the type cast), I included it here to make it available for discussion:

```rust
fn main() {
    use std::os::raw::c_char;

    let v = String::from("abc")
        .bytes()
        // From u8 to i8,
        // I feel like it will be a problem for values of u8 > 255
        .map(|c| c as c_char)
        .collect::<Vec<_>>();

    dbg!(v);
}
```
  • Loading branch information
@RalfJung
RalfJung authored Jun 8, 2020
2 parents 13815e4 + 87abe17 commit 824ea6b
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/libstd/ffi/c_str.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,12 @@ impl CString {
/// ownership of a string that was allocated by foreign code) is likely to lead
/// to undefined behavior or allocator corruption.
///
/// It should be noted that the length isn't just "recomputed," but that
/// the recomputed length must match the original length from the
/// [`into_raw`] call. This means the [`into_raw`]/`from_raw` methods
/// should not be used when passing the string to C functions that can
/// modify the string's length.
///
/// > **Note:** If you need to borrow a string that was allocated by
/// > foreign code, use [`CStr`]. If you need to take ownership of
/// > a string that was allocated by foreign code, you will need to
Expand Down Expand Up @@ -440,6 +446,11 @@ impl CString {
///
/// Failure to call [`from_raw`] will lead to a memory leak.
///
/// The C side must **not** modify the length of the string (by writing a
/// `NULL` somewhere inside the string or removing the final one) before
/// it makes it back into Rust using [`from_raw`]. See the safety section
/// in [`from_raw`].
///
/// [`from_raw`]: #method.from_raw
///
/// # Examples
Expand Down

0 comments on commit 824ea6b

Please sign in to comment.