diff options
| author | Guillaume Gomez <guillaume1.gomez@gmail.com> | 2016-09-24 00:15:43 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-24 00:15:43 +0200 |
| commit | f45283b93e04fe8bfab8c6dfd7121ad17d524bec (patch) | |
| tree | 526d32c59afb223fc6f56d7f8ac6cb60982ae3ed /src/libstd | |
| parent | cb1b1eef8d7f2fc934bf99201421b81b3d7fba99 (diff) | |
| parent | 0d3d23bdeed507e20a565ef89c3e2c4d51348022 (diff) | |
| download | rust-f45283b93e04fe8bfab8c6dfd7121ad17d524bec.tar.gz rust-f45283b93e04fe8bfab8c6dfd7121ad17d524bec.zip | |
Rollup merge of #36018 - durka:patch-28, r=steveklabnik
strengthen doc warning about CString::from_raw Saw unsound code using this function on IRC.
Diffstat (limited to 'src/libstd')
| -rw-r--r-- | src/libstd/ffi/c_str.rs | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/libstd/ffi/c_str.rs b/src/libstd/ffi/c_str.rs index 28081367ced..d6a5efbd279 100644 --- a/src/libstd/ffi/c_str.rs +++ b/src/libstd/ffi/c_str.rs @@ -228,9 +228,14 @@ impl CString { /// Retakes ownership of a `CString` that was transferred to C. /// + /// Additionally, the length of the string will be recalculated from the pointer. + /// + /// # Safety + /// /// This should only ever be called with a pointer that was earlier - /// obtained by calling `into_raw` on a `CString`. Additionally, the length - /// of the string will be recalculated from the pointer. + /// obtained by calling `into_raw` on a `CString`. Other usage (e.g. trying to take + /// ownership of a string that was allocated by foreign code) is likely to lead + /// to undefined behavior or allocator corruption. #[stable(feature = "cstr_memory", since = "1.4.0")] pub unsafe fn from_raw(ptr: *mut c_char) -> CString { let len = libc::strlen(ptr) + 1; // Including the NUL byte |