diff options
| author | Matthias Krüger <matthias.krueger@famsik.de> | 2023-05-26 08:24:08 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-26 08:24:08 +0200 |
| commit | 2daecf7c455a8ff0d2690b361441558a4212fd85 (patch) | |
| tree | 021a707f707f0d8efe76d52c8d5993e334bd3352 | |
| parent | 78cc117f7bb994f49c7f9b58dcf7807b18d69e28 (diff) | |
| parent | dd56f930cc6e174a24ddd1ea5f1bbf9af978abf9 (diff) | |
| download | rust-2daecf7c455a8ff0d2690b361441558a4212fd85.tar.gz rust-2daecf7c455a8ff0d2690b361441558a4212fd85.zip | |
Rollup merge of #111940 - zirconium-n:io-read-doc-change, r=thomcc
Clarify safety concern of `io::Read::read` is only relevant in unsafe code We have this clarification note in other similar place like [Iterator::size_hint](https://doc.rust-lang.org/stable/std/iter/trait.Iterator.html#method.size_hint). The lack of clarification might lead to confusion to Rust beginners. [Relevant URLO post](https://users.rust-lang.org/t/can-read-overflow-a-buffer/94347).
| -rw-r--r-- | library/std/src/io/mod.rs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/library/std/src/io/mod.rs b/library/std/src/io/mod.rs index 9e09ce337bc..8a007d095d5 100644 --- a/library/std/src/io/mod.rs +++ b/library/std/src/io/mod.rs @@ -593,7 +593,8 @@ pub trait Read { /// This may happen for example because fewer bytes are actually available right now /// (e. g. being close to end-of-file) or because read() was interrupted by a signal. /// - /// As this trait is safe to implement, callers cannot rely on `n <= buf.len()` for safety. + /// As this trait is safe to implement, callers in unsafe code cannot rely on + /// `n <= buf.len()` for safety. /// Extra care needs to be taken when `unsafe` functions are used to access the read bytes. /// Callers have to ensure that no unchecked out-of-bounds accesses are possible even if /// `n > buf.len()`. @@ -603,8 +604,8 @@ pub trait Read { /// contents of `buf` being true. It is recommended that *implementations* /// only write data to `buf` instead of reading its contents. /// - /// Correspondingly, however, *callers* of this method must not assume any guarantees - /// about how the implementation uses `buf`. The trait is safe to implement, + /// Correspondingly, however, *callers* of this method in unsafe code must not assume + /// any guarantees about how the implementation uses `buf`. The trait is safe to implement, /// so it is possible that the code that's supposed to write to the buffer might also read /// from it. It is your responsibility to make sure that `buf` is initialized /// before calling `read`. Calling `read` with an uninitialized `buf` (of the kind one |