Index-assign in str should be unsafe #8891
Comments
I had no idea str even allowed index-assign.
@kballard forbidding it entirely could also fix the issue, but might be overkill.
Hmm... This could be trickier than just forbidding assignment because this code compiles as well

```rust
fn main() {
    let mut a = ~"test";
    {
        let c = &mut a[2];
        *c = 0x32;
    }
    println(a);
}
```
@alexcrichton I suppose we could also forbid (in safe code) to borrow mutable references to individual bytes in a string. Similarly, I believe that
I think we should just forbid index-assign and borrowing mutable references. It can still be done through unsafe methods, but doesn't need to be in the language as a feature. The only
Nominating for the backwards compatible milestone.
Accepted for well-defined. (Also: document what "unsafe" means, which is a separate issue.)
This behavior was decided to get outright forbidden by the compiler
Closes #8891
As far as I understand, the str types have a pretty strong assumption that they contain valid UTF-8. Any method/function that could break this (such as `push_bytes`) is marked as unsafe.
However, it is possible to assign random bytes in the middle of a ~str, breaking the UTF-8 invariant:
I think that such assignments should only be allowed in unsafe code.
Update: `str.as_mut_buf` should also be unsafe, IMO.
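The UTF-8 invariant discussed in this issue, shown in present-day Rust as an added example (not code from the issue or from the Rust project). The helper names `set_byte_checked` and `set_ascii_in_place` are hypothetical and the sample strings are constructed; `str::as_bytes_mut` is the standard-library method, which is an `unsafe fn`.

```rust
// Added example: helper names are hypothetical, sample strings are constructed.

#[derive(Debug, PartialEq)]
enum EditError {
    OutOfBounds,
    /// Offset of the first byte that no longer belongs to valid UTF-8.
    InvalidUtf8 { valid_up_to: usize },
}

/// Safe route: take the bytes out of the String, edit, then re-validate.
/// An edit that breaks the UTF-8 invariant is rejected instead of becoming a str.
fn set_byte_checked(s: String, index: usize, byte: u8) -> Result<String, EditError> {
    let mut bytes = s.into_bytes();
    let slot = bytes.get_mut(index).ok_or(EditError::OutOfBounds)?;
    *slot = byte;
    String::from_utf8(bytes).map_err(|e| EditError::InvalidUtf8 {
        valid_up_to: e.utf8_error().valid_up_to(),
    })
}

/// In-place route: `as_bytes_mut` is an unsafe fn, so the caller must uphold
/// the invariant. Only ASCII-for-ASCII replacement is accepted here.
fn set_ascii_in_place(s: &mut str, index: usize, byte: u8) -> bool {
    let replaceable = s.as_bytes().get(index).map_or(false, |b| b.is_ascii());
    if !replaceable || !byte.is_ascii() {
        return false;
    }
    // SAFETY: an ASCII byte is always a complete one-byte code point, so
    // swapping one for another leaves the buffer valid UTF-8.
    unsafe { s.as_bytes_mut()[index] = byte };
    true
}

fn main() {
    // Same edit as the snippet in the thread: byte 2 of "test" becomes 0x32 ('2').
    println!("{:?}", set_byte_checked("test".to_string(), 2, 0x32));
    // Overwriting the lead byte of 'é' (0xC3 0xA9) strands a continuation byte.
    println!("{:?}", set_byte_checked("h\u{e9}llo".to_string(), 1, 0x32));
    let mut s = String::from("h\u{e9}llo");
    let ok = set_ascii_in_place(&mut s, 0, b'j');
    println!("{} {}", ok, s);
    println!("{}", set_ascii_in_place(&mut s, 1, b'x'));
}
```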