Switch to safe CStr::from_bytes_until_nul on sized c_char array wrapper
#746
Conversation
|
I think this would look a lot better wrapped up in a helper function. |
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
8729f65
to
71e897c
Compare
|
@Ralith indeed, because of the unfortunate slice cast. I wish there were |
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
2 times, most recently
from
3b120f0
to
bda23f5
Compare
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
2 times, most recently
from
9229dc7
to
7489a7e
Compare
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
7489a7e
to
510a638
Compare
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
510a638
to
88cd2e0
Compare
|
@Ralith taking this PR one step further, what is your thought on extending these structs with a That would imply the same MSRV bump unless we decide to implement it with the current |
|
That sounds nice to me! Any trivial operation that ~every user will have to do to make use of a field is a good candidate for wrapping. |
MarijnS95
changed the title
CStr::from_bytes_until_nul on sized char arrays in structsCStr::from_bytes_until_nul on sized c_char wrapper
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
88cd2e0
to
40e19d8
Compare
MarijnS95
changed the title
CStr::from_bytes_until_nul on sized c_char wrapperCStr::from_bytes_until_nul on sized c_char array wrapper
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
40e19d8
to
629b67e
Compare
|
Done in #831 without breaking MSRV, and rebased this PR to turn the (We could also make the current function be safe and return a |
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
629b67e
to
d4c5868
Compare
On this note, do we also have cases where we might want to wrap a pointer+count in a slice? In most cases it's probably not useful as the user already has access to their slice: let mut my_data = Vec![...];
let mut vk_struct = vk::Something::builder().data(&mut my_data);
device.get_something(&mut vk_struct);
dbg!(my_data);But it might be worth it for writing layers in Rust with |
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
2 times, most recently
from
5303f81
to
f744d57
Compare
|
@Ralith if you're okay with this, Rust 1.69 is now 7 months old and helps us fix the existing soundness issues discussed in #831 (comment) in a trivial way. I'd say we merge this and bump the MSRV, and also unblock the |
…rapper Certain structs contain sized character arrays that are converted to `CStr` for convenient accss to the user and our `Debug` implementation using unsafe `CStr::from_ptr(...as_ptr())`. There is no need to round-trip to a pointer and possibly read out of bounds if the NUL-terminator index (string length) is instead searched for by the newly stabilized `CStr::from_bytes_until_nul()` fn since Rust 1.69 (which panics if no NUL-terminator is found before the end of the slice). Unfortunately `unsafe` is still needed to cast the array from a `c_char` (`i8` on most platforms) to `u8`, which is what `from_bytes_until_nul()` accepts.
MarijnS95
force-pushed
the
cstr-from-bytes-until-nul
branch
from
f744d57
to
87103fa
Compare
|
SGTM. I don't think there's much benefit to a conservative MSRV here, especially if you don't want one. |
Depends on #831
Certain structs contain sized character arrays that are converted to
CStrfor convenient accss to the user and ourDebugimplementation using unsafeCStr::from_ptr(...as_ptr()). There is no need to round-trip to a pointer and possibly read out of bounds if the NUL-terminator index (string length) is instead searched for by the newly stabilizedCStr::from_bytes_until_nul()fn since Rust 1.69 (which panics if no NUL-terminator is found before the end of the slice).Unfortunately
unsafeis still needed to cast the array from ac_char(i8on most platforms) tou8, which is whatfrom_bytes_until_nul()accepts.Draft because this is a rather eager MSRV bump that we should probably give more time to be adopted by the community, and because the unsafe slice casts don't look all that pretty.