| author | Ralf Jung <post@ralfj.de> | 2020-09-19 11:47:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-19 11:47:31 +0200 |
| commit | 44be933ff7cd85f5b709d8c63ffef022e8918c8b (patch) | |
| tree | ab6a8f55f5ca393698e1593a34ff97ab16a9c3e7 /library/std/src | |
| parent | 4e8a8b49ae57233bc196f3529f5184bc208c3034 (diff) | |
| parent | 00d537dcd03f9ff5ebdf8b86e039dbdb0a7f850c (diff) | |
Rollup merge of #73963 - hellow554:unsafe_path, r=Mark-Simulacrum
deny(unsafe_op_in_unsafe_fn) in libstd/path.rs. The libstd/path.rs part of #73904. Wraps the two calls to an unsafe fn Initializer::nop() in an unsafe block.
Diffstat (limited to 'library/std/src')
| -rw-r--r-- | library/std/src/path.rs | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/library/std/src/path.rs b/library/std/src/path.rs
index d71e89d0eee..b83c1e9628d 100644
--- a/library/std/src/path.rs
+++ b/library/std/src/path.rs
@@ -58,6 +58,7 @@
 //! [`push`]: PathBuf::push
 #![stable(feature = "rust1", since = "1.0.0")]
+#![deny(unsafe_op_in_unsafe_fn)]
 #[cfg(test)]
 mod tests;
@@ -294,7 +295,8 @@ fn os_str_as_u8_slice(s: &OsStr) -> &[u8] {
 unsafe { &*(s as *const OsStr as *const [u8]) }
 }
 unsafe fn u8_slice_as_os_str(s: &[u8]) -> &OsStr {
- &*(s as *const [u8] as *const OsStr)
+ // SAFETY: see the comment of `os_str_as_u8_slice`
+ unsafe { &*(s as *const [u8] as *const OsStr) }
 }
 // Detect scheme on Redox
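Review bot: The added SAFETY comment in `u8_slice_as_os_str` only points at the comment on `os_str_as_u8_slice`, which is outside this hunk and presumably justifies the pointer cast, not the extra precondition this direction needs: the bytes must already follow the OsStr encoding. Because this is an `unsafe fn`, that obligation belongs to the caller and should be stated here, for example `// SAFETY: caller guarantees s follows the OsStr encoding; cast layout as in os_str_as_u8_slice`. A short `# Safety` section on the function saying the same would let call sites cite it in their own SAFETY comments.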
@@ -314,24 +316,21 @@ fn has_physical_root(s: &[u8], prefix: Option<Prefix<'_>>) -> bool {
 // basic workhorse for splitting stem and extension
 fn split_file_at_dot(file: &OsStr) -> (Option<&OsStr>, Option<&OsStr>) {
- unsafe {
- if os_str_as_u8_slice(file) == b".." {
- return (Some(file), None);
- }
-
- // The unsafety here stems from converting between &OsStr and &[u8]
- // and back. This is safe to do because (1) we only look at ASCII
- // contents of the encoding and (2) new &OsStr values are produced
- // only from ASCII-bounded slices of existing &OsStr values.
+ if os_str_as_u8_slice(file) == b".." {
+ return (Some(file), None);
+ }
- let mut iter = os_str_as_u8_slice(file).rsplitn(2, |b| *b == b'.');
- let after = iter.next();
- let before = iter.next();
- if before == Some(b"") {
- (Some(file), None)
- } else {
- (before.map(|s| u8_slice_as_os_str(s)), after.map(|s| u8_slice_as_os_str(s)))
- }
+ // The unsafety here stems from converting between &OsStr and &[u8]
+ // and back. This is safe to do because (1) we only look at ASCII
+ // contents of the encoding and (2) new &OsStr values are produced
+ // only from ASCII-bounded slices of existing &OsStr values.
+ let mut iter = os_str_as_u8_slice(file).rsplitn(2, |b| *b == b'.');
+ let after = iter.next();
+ let before = iter.next();
+ if before == Some(b"") {
+ (Some(file), None)
+ } else {
+ unsafe { (before.map(|s| u8_slice_as_os_str(s)), after.map(|s| u8_slice_as_os_str(s))) }
 }
 }
@@ -1702,7 +1701,7 @@ impl Path {
 // The following (private!) function allows construction of a path from a u8
 // slice, which is only safe when it is known to follow the OsStr encoding.
 unsafe fn from_u8_slice(s: &[u8]) -> &Path {
- Path::new(u8_slice_as_os_str(s))
+ unsafe { Path::new(u8_slice_as_os_str(s)) }
 }
 // The following (private!) function reveals the byte encoding used for OsStr.
 fn as_u8_slice(&self) -> &[u8] { |
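Review bot: In `split_file_at_dot` the justification comment now sits above `let mut iter`, several statements away from the only `unsafe { ... }` block left in the function, and it is not marked `// SAFETY:`. Since `os_str_as_u8_slice` is a safe call, the text really justifies the two `u8_slice_as_os_str` calls in the `else` branch. I would move the four comment lines directly above that `unsafe` block and open them with `// SAFETY:`, keeping points (1) and (2) as written. That keeps the argument that the split happens at an ASCII `.` next to the code whose soundness depends on it.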
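Review bot: The `unsafe { Path::new(u8_slice_as_os_str(s)) }` block in `from_u8_slice` has no `// SAFETY:` comment, unlike the block added in `u8_slice_as_os_str`, and it also encloses the safe call `Path::new`. I would write `// SAFETY: the caller guarantees s follows the OsStr encoding` followed by `Path::new(unsafe { u8_slice_as_os_str(s) })`, so the block covers only the operation that needs it. The precondition is the one the context comment above the function already states. The enclosing `impl Path` continues outside the hunk.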
