From 4dda047de346ae68fa760548f7ae63e3ae736146 Mon Sep 17 00:00:00 2001 From: jmaargh Date: Tue, 19 Apr 2022 21:12:55 +0100 Subject: Clarify docs for from_raw_parts Original safety explanation for from_raw_parts was unclear on safety for consuming a C string. This clarifies when doing so is safe. --- library/alloc/src/string.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'library/alloc/src/string.rs') diff --git a/library/alloc/src/string.rs b/library/alloc/src/string.rs index e97c1637fd5..2272c5b7330 100644 --- a/library/alloc/src/string.rs +++ b/library/alloc/src/string.rs @@ -770,7 +770,10 @@ impl String { /// * The first `length` bytes at `buf` need to be valid UTF-8. /// /// Violating these may cause problems like corrupting the allocator's - /// internal data structures. + /// internal data structures. For example, it is normally **not** safe to + /// build a `String` from a pointer to a C `char` array containing UTF-8 + /// _unless_ you are certain that array was originally allocated by the + /// Rust standard library's allocator. /// /// The ownership of `buf` is effectively transferred to the /// `String` which may then deallocate, reallocate or change the -- cgit 1.4.1-3-g733a5