diff options
| author | bors <bors@rust-lang.org> | 2021-03-19 15:38:57 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2021-03-19 15:38:57 +0000 |
| commit | 9f4bc3ead43a57783d8abea2fa6931a6736f3490 (patch) | |
| tree | ea7f9020ead403b250e25b49007cbc9043c9ec21 /library/std/src/io/mod.rs | |
| parent | b97fd3e5a1545ab02e18c52e7f3d2e78a5c960bf (diff) | |
| parent | 99f411d4385f654cfffb5126725414da8b99e211 (diff) | |
| download | rust-9f4bc3ead43a57783d8abea2fa6931a6736f3490.tar.gz rust-9f4bc3ead43a57783d8abea2fa6931a6736f3490.zip | |
Auto merge of #83301 - Dylan-DPC:rollup-x1yzvhm, r=Dylan-DPC
Rollup of 11 pull requests Successful merges: - #82500 (Reuse `std::sys::unsupported::pipe` on `hermit`) - #82759 (Remove unwrap_none/expect_none from compiler/.) - #82846 (rustdoc: allow list syntax for #[doc(alias)] attributes) - #82892 (Clarify docs for Read::read's return value) - #83179 (Extend `proc_macro_back_compat` lint to `actix-web`) - #83197 (Move some test-only code to test files) - #83208 (Fix gitattibutes for old git versions) - #83215 (Deprecate std::os::haiku::raw, which accidentally wasn't deprecated) - #83230 (Remove unnecessary `forward_inner_docs` hack) - #83236 (Upgrade memmap to memmap2) - #83270 (Fix typo/inaccuracy in the documentation of Iterator::skip_while) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
Diffstat (limited to 'library/std/src/io/mod.rs')
| -rw-r--r-- | library/std/src/io/mod.rs | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/library/std/src/io/mod.rs b/library/std/src/io/mod.rs index 17002e3b860..6abb300054a 100644 --- a/library/std/src/io/mod.rs +++ b/library/std/src/io/mod.rs @@ -514,8 +514,8 @@ pub trait Read { /// waiting for data, but if an object needs to block for a read and cannot, /// it will typically signal this via an [`Err`] return value. /// - /// If the return value of this method is [`Ok(n)`], then it must be - /// guaranteed that `0 <= n <= buf.len()`. A nonzero `n` value indicates + /// If the return value of this method is [`Ok(n)`], then implementations must + /// guarantee that `0 <= n <= buf.len()`. A nonzero `n` value indicates /// that the buffer `buf` has been filled in with `n` bytes of data from this /// source. If `n` is `0`, then it can indicate one of two scenarios: /// @@ -529,6 +529,11 @@ pub trait Read { /// This may happen for example because fewer bytes are actually available right now /// (e. g. being close to end-of-file) or because read() was interrupted by a signal. /// + /// As this trait is safe to implement, callers cannot rely on `n <= buf.len()` for safety. + /// Extra care needs to be taken when `unsafe` functions are used to access the read bytes. + /// Callers have to ensure that no unchecked out-of-bounds accesses are possible even if + /// `n > buf.len()`. + /// /// No guarantees are provided about the contents of `buf` when this /// function is called, implementations cannot rely on any property of the /// contents of `buf` being true. It is recommended that *implementations* |