Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document the requirement on recomputed length for CString::from_raw #48525

Closed
ExpHP opened this issue Feb 25, 2018 · 1 comment · Fixed by #72963
Closed

Document the requirement on recomputed length for CString::from_raw #48525

ExpHP opened this issue Feb 25, 2018 · 1 comment · Fixed by #72963
Labels
A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools A-FFI Area: Foreign function interface (FFI) C-enhancement Category: An issue proposing an enhancement or a PR with one. E-hard Call for participation: Hard difficulty. Experience needed to fix: A lot. P-medium Medium priority T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.

Comments

@ExpHP
Copy link
Contributor

ExpHP commented Feb 25, 2018
edited
Loading

A recent Doc PR for CStr reminded me of this:

https://users.rust-lang.org/t/cstring-from-raw-danger/15340

  • CString::from_raw should make it clear that the length isn't just "recomputed," but that the recomputed length must match the original length. Yes, this can be inferred from the clearly-stated invariants of the type, but I feel this is important enough to deserve a sentence all of its own in the Unsafety section of the from_raw method, because it singlehandedly cripples a very wide range of would-be use cases for CString.
  • CString::into_raw should steer users away from using the pattern of CString::{into_raw,from_raw} when interfacing with C APIs that may change the effective length of the string by writing interior NULs or erasing the final NUL. (But what should we steer them towards? Vec<c_char>, probably? Hard to create one from string data though, compared to Vec<u8>...)
@sfackler sfackler added the A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools label Feb 25, 2018
@jkordish jkordish added the C-enhancement Category: An issue proposing an enhancement or a PR with one. label Mar 7, 2018
@steveklabnik steveklabnik added the E-hard Call for participation: Hard difficulty. Experience needed to fix: A lot. label May 28, 2018
@frewsxcv
Copy link
Member

We might want to reuse some of the language from Vec::from_raw_parts:

  • ptr needs to have been previously allocated via String/Vec<T> (at least, it's highly likely to be incorrect if it wasn't).
  • ptr's T needs to have the same size and alignment as it was allocated with.

@steveklabnik steveklabnik added the P-medium Medium priority label Dec 27, 2018
@jonas-schievink jonas-schievink added A-FFI Area: Foreign function interface (FFI) T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. labels Mar 6, 2020
@poliorcetics poliorcetics mentioned this issue Jun 3, 2020
Merged
@bors bors closed this as completed in 824ea6b Jun 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools A-FFI Area: Foreign function interface (FFI) C-enhancement Category: An issue proposing an enhancement or a PR with one. E-hard Call for participation: Hard difficulty. Experience needed to fix: A lot. P-medium Medium priority T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cstring from_raw and into_raw safety precisions poliorcetics/rust
6 participants
@steveklabnik @jkordish @frewsxcv @ExpHP @sfackler @jonas-schievink