add stronger warning to CString::from_raw

author: Alex Burka <durka42+github@gmail.com> 2016-08-26 13:17:45 -0400
committer: Alex Burka <durka42@gmail.com> 2016-09-14 15:24:04 +0000
commit: 0d3d23bdeed507e20a565ef89c3e2c4d51348022 (patch)
tree: 0e6d7e2e370f17071e01a753983a9eb024c0e326 /src/libstd
parent: 739d57180fa207410b8858f8cede7b8a9ea6f01e (diff)
download: rust-0d3d23bdeed507e20a565ef89c3e2c4d51348022.tar.gz
rust-0d3d23bdeed507e20a565ef89c3e2c4d51348022.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/src/libstd/ffi/c_str.rs b/src/libstd/ffi/c_str.rs
index 2d5e8c04194..d8785142795 100644
--- a/src/libstd/ffi/c_str.rs
+++ b/src/libstd/ffi/c_str.rs
@@ -228,9 +228,14 @@ impl CString {
 
     /// Retakes ownership of a `CString` that was transferred to C.
     ///
+    /// Additionally, the length of the string will be recalculated from the pointer.
+    ///
+    /// # Safety
+    ///
     /// This should only ever be called with a pointer that was earlier
-    /// obtained by calling `into_raw` on a `CString`. Additionally, the length
-    /// of the string will be recalculated from the pointer.
+    /// obtained by calling `into_raw` on a `CString`. Other usage (e.g. trying to take
+    /// ownership of a string that was allocated by foreign code) is likely to lead
+    /// to undefined behavior or allocator corruption.
     #[stable(feature = "cstr_memory", since = "1.4.0")]
     pub unsafe fn from_raw(ptr: *mut c_char) -> CString {
         let len = libc::strlen(ptr) + 1; // Including the NUL byte
author	Alex Burka <durka42+github@gmail.com>	2016-08-26 13:17:45 -0400
committer	Alex Burka <durka42@gmail.com>	2016-09-14 15:24:04 +0000
commit	0d3d23bdeed507e20a565ef89c3e2c4d51348022 (patch)
tree	0e6d7e2e370f17071e01a753983a9eb024c0e326 /src/libstd
parent	739d57180fa207410b8858f8cede7b8a9ea6f01e (diff)
download	rust-0d3d23bdeed507e20a565ef89c3e2c4d51348022.tar.gz rust-0d3d23bdeed507e20a565ef89c3e2c4d51348022.zip