kmc-solid: Use the filesystem thread-safety wrapper

Neither the SOLID filesystem API nor built-in filesystems guarantee thread safety by default. Although this may suffice in general embedded- system use cases, and in fact the API can be used from multiple threads without any problems in many cases, this has been a source of unsoundness in `std::sys::solid::fs`. This commit updates the `std` code to leverage the filesystem thread- safety wrapper to enforce thread safety. This is done by prefixing all paths passed to the filesystem API with `\TS`. (Note that relative paths aren't supported in this platform.)
rust-lang · Feb 10, 2022 · 64406c5 · 64406c5
1 parent 9a5a961
commit 64406c5
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/library/std/src/sys/solid/fs.rs b/library/std/src/sys/solid/fs.rs
@@ -289,7 +289,26 @@ impl OpenOptions {
 }
 
 fn cstr(path: &Path) -> io::Result<CString> {
-    Ok(CString::new(path.as_os_str().as_bytes())?)
+    let path = path.as_os_str().as_bytes();
+
+    if !path.starts_with(br"\") {
+        // Relative paths aren't supported
+        return Err(crate::io::const_io_error!(
+            crate::io::ErrorKind::Unsupported,
+            "relative path is not supported on this platform",
+        ));
+    }
+
+    // Apply the thread-safety wrapper
+    const SAFE_PREFIX: &[u8] = br"\TS";
+    let wrapped_path = [SAFE_PREFIX, &path, &[0]].concat();
+
+    CString::from_vec_with_nul(wrapped_path).map_err(|_| {
+        crate::io::const_io_error!(
+            io::ErrorKind::InvalidInput,
+            "path provided contains a nul byte",
+        )
+    })
 }
 
 impl File {