mirror of
https://github.com/rust-lang/rust.git
synced 2025-06-21 20:17:55 +00:00
# Update safety documentation for `CString::from_ptr` and `str::from_boxed_utf8_unchecked`

## PR Description

This PR addresses missing safety documentation for two APIs:

**1. alloc::ffi::CStr::from_raw**

- `Alias`: The pointer must not be aliased (accessed via other pointers) during the reconstructed CString's lifetime.
- `Owning`: Calling this function twice on the same pointer and creating two objects with overlapping lifetimes introduces two alive owners of the same memory. This may result in a double-free.
- `Dangling`: The prior documentation required the pointer to originate from CString::into_raw, but this constraint is incomplete. A validly sourced pointer can also cause undefined behavior (UB) if it becomes dangling. A simple PoC for this situation:

```rust
use std::ffi::CString;
use std::os::raw::c_char;

fn create_dangling() -> *mut c_char {
    let local_ptr: *mut c_char = {
        let valid_data = CString::new("valid").unwrap();
        // The pointer originates from CString::into_raw, as the old docs required.
        valid_data.into_raw()
    };
    unsafe {
        // Reclaims ownership; the CString is dropped at the end of this block,
        // freeing the buffer. `local_ptr` now dangles.
        let _x = CString::from_raw(local_ptr);
    }
    local_ptr
}

fn main() {
    let dangling = create_dangling();
    // Second reconstruction from an already-freed pointer: double free.
    unsafe { let _y = CString::from_raw(dangling); } // Cause UB!
}
```

**2. alloc::str::from_boxed_utf8_unchecked**

- `ValidStr`: Bytes must contain a valid UTF-8 sequence.
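The following is an added example, not code from the PR or from the Rust standard library, showing how a caller can uphold the three `CString::from_raw` invariants named above (no aliasing, a single owner, no reclaim of a dangling pointer) and the `ValidStr` invariant of `str::from_boxed_utf8_unchecked`. `RawCStringHandle`, `c_side_strlen`, `round_trip` and `boxed_bytes_to_str` are hypothetical names chosen for this illustration; `c_side_strlen` stands in for a C callee that only reads the buffer, and the sample strings and byte sequences are constructed inputs.

```rust
use std::ffi::{c_char, CStr, CString};

/// Owning handle around a pointer produced by `CString::into_raw`.
/// The `Option` guarantees the allocation is reclaimed at most once
/// (the "Owning" double-free case) and that the pointer is never
/// handed out after it has been reclaimed (the "Dangling" case).
pub struct RawCStringHandle {
    ptr: Option<*mut c_char>,
}

impl RawCStringHandle {
    /// Returns `None` if `s` contains an interior NUL, which `CString` rejects.
    pub fn new(s: &str) -> Option<Self> {
        let c = CString::new(s).ok()?;
        Some(Self { ptr: Some(c.into_raw()) })
    }

    /// Read-only pointer for the FFI side. `None` once reclaimed, so a
    /// caller cannot obtain a dangling pointer from this handle.
    pub fn as_ptr(&self) -> Option<*const c_char> {
        self.ptr.map(|p| p as *const c_char)
    }

    /// Reclaim ownership exactly once; later calls return `None`.
    pub fn reclaim(&mut self) -> Option<CString> {
        let p = self.ptr.take()?;
        // SAFETY: `p` came from `CString::into_raw` in `new`, has not been
        // freed (we just moved it out of the Option, so no earlier reclaim
        // happened), and the handle is the only owner, so no other pointer
        // to the buffer is live while the reconstructed CString exists.
        Some(unsafe { CString::from_raw(p) })
    }
}

impl Drop for RawCStringHandle {
    fn drop(&mut self) {
        // Frees the buffer if it is still owned; a no-op after `reclaim`.
        drop(self.reclaim());
    }
}

/// Hypothetical stand-in for a C function that reads a NUL-terminated
/// string and returns its length, without taking ownership.
fn c_side_strlen(p: *const c_char) -> usize {
    // SAFETY: the caller passes a valid, NUL-terminated string that stays
    // alive for the duration of this call.
    unsafe { CStr::from_ptr(p) }.to_bytes().len()
}

/// Hand a string to the "C side", reclaim it once, then show that a second
/// reclaim is refused instead of producing a second owner.
pub fn round_trip(s: &str) -> (usize, String, bool) {
    let mut handle = RawCStringHandle::new(s).expect("no interior NUL");
    let seen_by_c = c_side_strlen(handle.as_ptr().expect("not yet reclaimed"));
    let back = handle.reclaim().expect("first reclaim").into_string().expect("utf-8");
    let second_refused = handle.reclaim().is_none();
    (seen_by_c, back, second_refused)
}

/// Validate first, then use the unchecked conversion. On invalid UTF-8 the
/// bytes are returned to the caller unchanged instead of being reinterpreted.
pub fn boxed_bytes_to_str(bytes: Box<[u8]>) -> Result<Box<str>, Box<[u8]>> {
    if std::str::from_utf8(&bytes).is_ok() {
        // SAFETY: the whole slice was just validated as UTF-8, and the Box is
        // owned here, so nothing can modify it between the check and the use.
        Ok(unsafe { std::str::from_boxed_utf8_unchecked(bytes) })
    } else {
        Err(bytes)
    }
}

fn main() {
    let (n, back, refused) = round_trip("valid");
    println!("C side saw {n} bytes, Rust got back {back:?}, second reclaim refused: {refused}");
    match boxed_bytes_to_str(b"\xFF\xFE".to_vec().into_boxed_slice()) {
        Ok(s) => println!("valid str: {s}"),
        Err(b) => println!("rejected {} invalid bytes", b.len()),
    }
}
```

The point of the `Option<*mut c_char>` is that the type system, not the programmer's memory, tracks whether the pointer has been given back to Rust: the PoC above compiles because a bare `*mut c_char` carries no such state, while this handle makes the second `from_raw` impossible to express.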