
Cstring from_raw and into_raw safety precisions #72963


Merged
merged 2 commits into from
Jun 8, 2020


poliorcetics
Contributor

@poliorcetics poliorcetics commented Jun 3, 2020

Fixes #48525.
Fixes #68456.

This issue had two points:

  • The one about from_raw has been addressed (I hope).
  • The other one, about into_raw, has only been partially fixed.

About into_raw: the idea was to:

steer users away from using the pattern of CString::{into_raw,from_raw} when interfacing with C APIs that may change the effective length of the string by writing interior NULs or erasing the final NUL

I tried making a Vec<c_char> as suggested, but my current solution feels very unsafe and hacky to me (most notably the type cast). I included it here to make it available for discussion:

fn main() {
    use std::os::raw::c_char;

    let v = String::from("abc")
        .bytes()
        // From u8 to i8,
        // I feel like it will be a problem for values of u8 > 255
        .map(|c| c as c_char)
        .collect::<Vec<_>>();

    dbg!(v);
}

@rust-highfive
Contributor

r? @dtolnay

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jun 3, 2020
@dtolnay dtolnay added the T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. label Jun 8, 2020
@dtolnay
Member

dtolnay commented Jun 8, 2020

@bors r+

@bors
Collaborator

bors commented Jun 8, 2020

📌 Commit 87abe17 has been approved by dtolnay

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 8, 2020
@dtolnay
Member

dtolnay commented Jun 8, 2020

@bors rollup

@dtolnay
Member

dtolnay commented Jun 8, 2020

I think the canonical way to make a Vec<c_char> in place is:

let (ptr, len, cap) = string.into_bytes().into_raw_parts();
let v = unsafe { Vec::from_raw_parts(ptr as *mut c_char, len, cap) };
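An added example, not code from this PR or from the standard library: it lends a Rust-owned buffer to a callee that shortens the string, instead of round-tripping through CString::into_raw and CString::from_raw, so the allocation size stays with the Vec and the new length is taken from the first NUL. The names c_truncate_at, bytes_to_c_chars and truncate_via_c are hypothetical; c_truncate_at stands in for a real C function, and the in-place conversion uses ManuallyDrop rather than into_raw_parts.

```rust
use std::ffi::CString;
use std::mem::ManuallyDrop;
use std::os::raw::c_char;

/// Hypothetical stand-in for a C function that shortens a string in place by
/// writing an interior NUL (a real one would be declared in `extern "C"`).
unsafe fn c_truncate_at(s: *mut c_char, at: usize) {
    unsafe { *s.add(at) = 0 };
}

/// Reinterpret a byte vector as `Vec<c_char>` without copying. `c_char` is
/// `i8` or `u8`: same size and alignment as `u8`, and every bit pattern is
/// valid. Bytes >= 0x80 simply read as negative where `c_char` is `i8`.
fn bytes_to_c_chars(bytes: Vec<u8>) -> Vec<c_char> {
    let mut bytes = ManuallyDrop::new(bytes);
    let (ptr, len, cap) = (bytes.as_mut_ptr(), bytes.len(), bytes.capacity());
    unsafe { Vec::from_raw_parts(ptr as *mut c_char, len, cap) }
}

/// Lend a NUL-terminated buffer to the callee while Rust keeps the Vec.
/// Returns None for input with an interior NUL, an out-of-bounds index,
/// or a buffer that comes back without any NUL terminator.
fn truncate_via_c(input: &str, at: usize) -> Option<CString> {
    let mut buf = bytes_to_c_chars(CString::new(input).ok()?.into_bytes_with_nul());
    if at >= buf.len() {
        return None; // the callee would write past the allocation
    }
    unsafe { c_truncate_at(buf.as_mut_ptr(), at) };
    // Recompute the length ourselves; the Vec still frees the full allocation.
    let end = buf.iter().position(|&c| c == 0)?;
    let bytes: Vec<u8> = buf[..end].iter().map(|&c| c as u8).collect();
    CString::new(bytes).ok()
}

fn main() {
    // Constructed sample input; "é" is two bytes, both >= 0x80.
    let out = truncate_via_c("héllo world", 6).expect("valid input");
    println!("{:?}", out);
}
```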

bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 8, 2020
Rollup of 10 pull requests

Successful merges:

 - rust-lang#72026 (Update annotate-snippets-rs to 0.8.0)
 - rust-lang#72583 (impl AsRef<[T]> for vec::IntoIter<T>)
 - rust-lang#72615 (Fix documentation example for gcov profiling)
 - rust-lang#72761 (Added the documentation for the 'use' keyword)
 - rust-lang#72799 (Add `-Z span-debug` to allow for easier debugging of proc macros)
 - rust-lang#72811 (Liballoc impl)
 - rust-lang#72963 (Cstring `from_raw` and `into_raw` safety precisions)
 - rust-lang#73001 (Free `default()` forwarding to `Default::default()`)
 - rust-lang#73075 (Add comments to `Resolve::get_module`)
 - rust-lang#73092 (Clean up E0646)

Failed merges:

r? @ghost
@bors bors merged commit 824ea6b into rust-lang:master Jun 8, 2020
@poliorcetics poliorcetics deleted the cstring-from-raw branch June 8, 2020 20:20
Successfully merging this pull request may close these issues.

  • CString::from_raw should be document that changing the length of a string is UB
  • Document the requirement on recomputed length for CString::from_raw