| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License.. |
| |
| /// A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the |
| /// middle. |
| /// |
| /// This type serves the purpose of being able to safely generate a |
| /// C-compatible string from a Rust byte slice or vector. An instance of this |
| /// type is a static guarantee that the underlying bytes contain no interior 0 |
| /// bytes ("nul characters") and that the final byte is 0 ("nul terminator"). |
| /// |
| use sgx_types::c_char; |
| use crate::memchr; |
| use crate::ascii; |
| |
| use core::ops; |
| use core::cmp::Ordering; |
| use core::mem; |
| use core::ptr; |
| use core::fmt::{self, Write}; |
| use core::num::NonZeroU8; |
| use alloc::boxed::Box; |
| use alloc::borrow::{Cow, Borrow, ToOwned}; |
| use alloc::vec::Vec; |
| use alloc::string::String; |
| use alloc::slice; |
| use alloc::rc::Rc; |
| use alloc::sync::Arc; |
| |
| use alloc::str::{self, Utf8Error}; |
| |
| /// A type representing an owned C-compatible string |
| /// |
| #[derive(PartialEq, PartialOrd, Eq, Ord, Hash, Clone)] |
| pub struct CString { |
| // Invariant 1: the slice ends with a zero byte and has a length of at least one. |
| // Invariant 2: the slice contains only one zero byte. |
| // Improper usage of unsafe function can break Invariant 2, but not Invariant 1. |
| inner: Box<[u8]>, |
| } |
| |
| /// Representation of a borrowed C string. |
| /// |
| /// This type represents a borrowed reference to a nul-terminated |
| /// array of bytes. It can be constructed safely from a `&[`[`u8`]`]` |
| /// slice, or unsafely from a raw `*const c_char`. It can then be |
| /// converted to a Rust [`&str`] by performing UTF-8 validation, or |
| /// into an owned [`CString`]. |
| /// |
| /// `&CStr` is to [`CString`] as [`&str`] is to [`String`]: the former |
| /// in each pair are borrowed references; the latter are owned |
| /// strings. |
| /// |
| /// Note that this structure is **not** `repr(C)` and is not recommended to be |
| /// placed in the signatures of FFI functions. Instead, safe wrappers of FFI |
| /// functions may leverage the unsafe [`from_ptr`] constructor to provide a safe |
| /// interface to other consumers. |
| /// |
| #[derive(Hash)] |
| pub struct CStr { |
| // FIXME: this should not be represented with a DST slice but rather with |
| // just a raw `c_char` along with some form of marker to make |
| // this an unsized type. Essentially `sizeof(&CStr)` should be the |
| // same as `sizeof(&c_char)` but `CStr` should be an unsized type. |
| inner: [c_char], |
| } |
| |
| /// An error indicating that an interior nul byte was found. |
| /// |
| /// While Rust strings may contain nul bytes in the middle, C strings |
| /// can't, as that byte would effectively truncate the string. |
| /// |
| /// This error is created by the [`new`][`CString::new`] method on |
| /// [`CString`]. See its documentation for more. |
| /// |
| /// [`CString`]: struct.CString.html |
| /// [`CString::new`]: struct.CString.html#method.new |
| /// |
| #[derive(Clone, PartialEq, Eq, Debug)] |
| pub struct NulError(usize, Vec<u8>); |
| |
| impl fmt::Display for NulError { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| write!(f, "nul byte found in provided data at position: {}", self.0) |
| } |
| } |
| |
| /// An error indicating that a nul byte was not in the expected position. |
| /// |
| /// The slice used to create a [`CStr`] must have one and only one nul |
| /// byte at the end of the slice. |
| /// |
| /// This error is created by the |
| /// [`from_bytes_with_nul`][`CStr::from_bytes_with_nul`] method on |
| /// [`CStr`]. See its documentation for more. |
| /// |
| /// [`CStr`]: struct.CStr.html |
| /// [`CStr::from_bytes_with_nul`]: struct.CStr.html#method.from_bytes_with_nul |
| /// |
| #[derive(Clone, PartialEq, Eq, Debug)] |
| pub struct FromBytesWithNulError { |
| kind: FromBytesWithNulErrorKind, |
| } |
| |
| #[derive(Clone, PartialEq, Eq, Debug)] |
| enum FromBytesWithNulErrorKind { |
| InteriorNul(usize), |
| NotNulTerminated, |
| } |
| |
| impl FromBytesWithNulError { |
| fn interior_nul(pos: usize) -> FromBytesWithNulError { |
| FromBytesWithNulError { kind: FromBytesWithNulErrorKind::InteriorNul(pos) } |
| } |
| fn not_nul_terminated() -> FromBytesWithNulError { |
| FromBytesWithNulError { kind: FromBytesWithNulErrorKind::NotNulTerminated } |
| } |
| |
| pub fn __description(&self) -> &str { |
| match self.kind { |
| FromBytesWithNulErrorKind::InteriorNul(..) => { |
| "data provided contains an interior nul byte" |
| } |
| FromBytesWithNulErrorKind::NotNulTerminated => "data provided is not nul terminated", |
| } |
| } |
| } |
| |
| impl fmt::Display for FromBytesWithNulError { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| f.write_str(self.__description())?; |
| if let FromBytesWithNulErrorKind::InteriorNul(pos) = self.kind { |
| write!(f, " at byte pos {}", pos)?; |
| } |
| Ok(()) |
| } |
| } |
| |
| /// An error indicating invalid UTF-8 when converting a [`CString`] into a [`String`]. |
| /// |
| /// `CString` is just a wrapper over a buffer of bytes with a nul |
| /// terminator; [`into_string`][`CString::into_string`] performs UTF-8 |
| /// validation on those bytes and may return this error. |
| /// |
| /// This `struct` is created by the |
| /// [`into_string`][`CString::into_string`] method on [`CString`]. See |
| /// its documentation for more. |
| /// |
| /// [`String`]: ../string/struct.String.html |
| /// [`CString`]: struct.CString.html |
| /// [`CString::into_string`]: struct.CString.html#method.into_string |
| #[derive(Clone, PartialEq, Eq, Debug)] |
| pub struct IntoStringError { |
| inner: CString, |
| error: Utf8Error, |
| } |
| |
| impl IntoStringError { |
| pub fn __description(&self) -> &str { |
| "C string contained non-utf8 bytes" |
| } |
| |
| pub fn __source(&self) -> &Utf8Error { |
| &self.error |
| } |
| } |
| |
| impl fmt::Display for IntoStringError { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| self.__description().fmt(f) |
| } |
| } |
| |
| |
| impl CString { |
| /// Creates a new C-compatible string from a container of bytes. |
| /// |
| /// This function will consume the provided data and use the |
| /// underlying bytes to construct a new string, ensuring that |
| /// there is a trailing 0 byte. This trailing 0 byte will be |
| /// appended by this function; the provided data should *not* |
| /// contain any 0 bytes in it. |
| /// |
| pub fn new<T: Into<Vec<u8>>>(t: T) -> Result<CString, NulError> { |
| trait SpecIntoVec { |
| fn into_vec(self) -> Vec<u8>; |
| } |
| impl<T: Into<Vec<u8>>> SpecIntoVec for T { |
| default fn into_vec(self) -> Vec<u8> { |
| self.into() |
| } |
| } |
| // Specialization for avoiding reallocation. |
| impl SpecIntoVec for &'_ [u8] { |
| fn into_vec(self) -> Vec<u8> { |
| let mut v = Vec::with_capacity(self.len() + 1); |
| v.extend(self); |
| v |
| } |
| } |
| impl SpecIntoVec for &'_ str { |
| fn into_vec(self) -> Vec<u8> { |
| let mut v = Vec::with_capacity(self.len() + 1); |
| v.extend(self.as_bytes()); |
| v |
| } |
| } |
| |
| Self::_new(SpecIntoVec::into_vec(t)) |
| } |
| |
| fn _new(bytes: Vec<u8>) -> Result<CString, NulError> { |
| match memchr::memchr(0, &bytes) { |
| Some(i) => Err(NulError(i, bytes)), |
| None => Ok(unsafe { CString::from_vec_unchecked(bytes) }), |
| } |
| } |
| |
| /// Creates a C-compatible string by consuming a byte vector, |
| /// without checking for interior 0 bytes. |
| /// |
| /// This method is equivalent to [`new`] except that no runtime assertion |
| /// is made that `v` contains no 0 bytes, and it requires an actual |
| /// byte vector, not anything that can be converted to one with Into. |
| /// |
| /// [`new`]: #method.new |
| /// |
| pub unsafe fn from_vec_unchecked(mut v: Vec<u8>) -> CString { |
| v.reserve_exact(1); |
| v.push(0); |
| CString { inner: v.into_boxed_slice() } |
| } |
| |
| /// Retakes ownership of a `CString` that was transferred to C via [`into_raw`]. |
| /// |
| /// Additionally, the length of the string will be recalculated from the pointer. |
| /// |
| /// # Safety |
| /// |
| /// This should only ever be called with a pointer that was earlier |
| /// obtained by calling [`into_raw`] on a `CString`. Other usage (e.g., trying to take |
| /// ownership of a string that was allocated by foreign code) is likely to lead |
| /// to undefined behavior or allocator corruption. |
| /// |
| /// > **Note:** If you need to borrow a string that was allocated by |
| /// > foreign code, use [`CStr`]. If you need to take ownership of |
| /// > a string that was allocated by foreign code, you will need to |
| /// > make your own provisions for freeing it appropriately, likely |
| /// > with the foreign code's API to do that. |
| /// |
| /// [`into_raw`]: #method.into_raw |
| /// [`CStr`]: struct.CStr.html |
| /// |
| pub unsafe fn from_raw(ptr: *mut c_char) -> CString { |
| let len = crate::strlen(ptr) + 1; // Including the NUL byte |
| let slice = slice::from_raw_parts_mut(ptr, len as usize); |
| CString { inner: Box::from_raw(slice as *mut [c_char] as *mut [u8]) } |
| } |
| |
| /// Consumes the `CString` and transfers ownership of the string to a C caller. |
| /// |
| /// The pointer which this function returns must be returned to Rust and reconstituted using |
| /// [`from_raw`] to be properly deallocated. Specifically, one |
| /// should *not* use the standard C `free()` function to deallocate |
| /// this string. |
| /// |
| /// Failure to call [`from_raw`] will lead to a memory leak. |
| /// |
| /// [`from_raw`]: #method.from_raw |
| /// |
| #[inline] |
| pub fn into_raw(self) -> *mut c_char { |
| Box::into_raw(self.into_inner()) as *mut c_char |
| } |
| |
| /// Converts the `CString` into a [`String`] if it contains valid UTF-8 data. |
| /// |
| /// On failure, ownership of the original `CString` is returned. |
| /// |
| /// [`String`]: ../string/struct.String.html |
| /// |
| pub fn into_string(self) -> Result<String, IntoStringError> { |
| String::from_utf8(self.into_bytes()).map_err(|e| IntoStringError { |
| error: e.utf8_error(), |
| inner: unsafe { CString::from_vec_unchecked(e.into_bytes()) }, |
| }) |
| } |
| |
| /// Consumes the `CString` and returns the underlying byte buffer. |
| /// |
| /// The returned buffer does **not** contain the trailing nul |
| /// terminator, and it is guaranteed to not have any interior nul |
| /// bytes. |
| /// |
| pub fn into_bytes(self) -> Vec<u8> { |
| let mut vec = self.into_inner().into_vec(); |
| let _nul = vec.pop(); |
| debug_assert_eq!(_nul, Some(0u8)); |
| vec |
| } |
| |
| /// Equivalent to the [`into_bytes`] function except that the returned vector |
| /// includes the trailing nul terminator. |
| /// |
| /// [`into_bytes`]: #method.into_bytes |
| /// |
| pub fn into_bytes_with_nul(self) -> Vec<u8> { |
| self.into_inner().into_vec() |
| } |
| |
| /// Returns the contents of this `CString` as a slice of bytes. |
| /// |
| /// The returned slice does **not** contain the trailing nul |
| /// terminator, and it is guaranteed to not have any interior nul |
| /// bytes. If you need the nul terminator, use |
| /// [`as_bytes_with_nul`] instead. |
| /// |
| /// [`as_bytes_with_nul`]: #method.as_bytes_with_nul |
| /// |
| #[inline] |
| pub fn as_bytes(&self) -> &[u8] { |
| &self.inner[..self.inner.len() - 1] |
| } |
| |
| /// Equivalent to the [`as_bytes`] function except that the returned slice |
| /// includes the trailing nul terminator. |
| #[inline] |
| pub fn as_bytes_with_nul(&self) -> &[u8] { |
| &self.inner |
| } |
| |
| /// Extracts a [`CStr`] slice containing the entire string. |
| #[inline] |
| pub fn as_c_str(&self) -> &CStr { |
| &*self |
| } |
| |
| /// Converts this `CString` into a boxed [`CStr`]. |
| /// |
| /// [`CStr`]: struct.CStr.html |
| /// |
| pub fn into_boxed_c_str(self) -> Box<CStr> { |
| unsafe { Box::from_raw(Box::into_raw(self.into_inner()) as *mut CStr) } |
| } |
| |
| /// Bypass "move out of struct which implements [`Drop`] trait" restriction. |
| /// |
| /// [`Drop`]: ../ops/trait.Drop.html |
| fn into_inner(self) -> Box<[u8]> { |
| // Rationale: `mem::forget(self)` invalidates the previous call to `ptr::read(&self.inner)` |
| // so we use `ManuallyDrop` to ensure `self` is not dropped. |
| // Then we can return the box directly without invalidating it. |
| // See https://github.com/rust-lang/rust/issues/62553. |
| let this = mem::ManuallyDrop::new(self); |
| unsafe { ptr::read(&this.inner) } |
| } |
| } |
| |
| // Turns this `CString` into an empty string to prevent |
| // memory-unsafe code from working by accident. Inline |
| // to prevent LLVM from optimizing it away in debug builds. |
| impl Drop for CString { |
| #[inline] |
| fn drop(&mut self) { |
| unsafe { |
| *self.inner.get_unchecked_mut(0) = 0; |
| } |
| } |
| } |
| |
| impl ops::Deref for CString { |
| type Target = CStr; |
| |
| #[inline] |
| fn deref(&self) -> &CStr { |
| unsafe { CStr::from_bytes_with_nul_unchecked(self.as_bytes_with_nul()) } |
| } |
| } |
| |
| impl fmt::Debug for CString { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| fmt::Debug::fmt(&**self, f) |
| } |
| } |
| |
| impl From<CString> for Vec<u8> { |
| /// Converts a [`CString`] into a [`Vec`]`<u8>`. |
| /// |
| /// The conversion consumes the [`CString`], and removes the terminating NUL byte. |
| /// |
| /// [`Vec`]: ../vec/struct.Vec.html |
| /// [`CString`]: ../ffi/struct.CString.html |
| #[inline] |
| fn from(s: CString) -> Vec<u8> { |
| s.into_bytes() |
| } |
| } |
| |
| impl fmt::Debug for CStr { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| write!(f, "\"")?; |
| for byte in self.to_bytes().iter().flat_map(|&b| ascii::escape_default(b)) { |
| f.write_char(byte as char)?; |
| } |
| write!(f, "\"") |
| } |
| } |
| |
| impl Default for &CStr { |
| fn default() -> Self { |
| const SLICE: &[c_char] = &[0]; |
| unsafe { CStr::from_ptr(SLICE.as_ptr()) } |
| } |
| } |
| |
| impl Default for CString { |
| /// Creates an empty `CString`. |
| fn default() -> CString { |
| let a: &CStr = Default::default(); |
| a.to_owned() |
| } |
| } |
| |
| impl Borrow<CStr> for CString { |
| #[inline] |
| fn borrow(&self) -> &CStr { |
| self |
| } |
| } |
| |
| impl<'a> From<Cow<'a, CStr>> for CString { |
| #[inline] |
| fn from(s: Cow<'a, CStr>) -> Self { |
| s.into_owned() |
| } |
| } |
| |
| impl From<&CStr> for Box<CStr> { |
| fn from(s: &CStr) -> Box<CStr> { |
| let boxed: Box<[u8]> = Box::from(s.to_bytes_with_nul()); |
| unsafe { Box::from_raw(Box::into_raw(boxed) as *mut CStr) } |
| } |
| } |
| |
| impl From<Box<CStr>> for CString { |
| /// Converts a [`Box`]`<CStr>` into a [`CString`] without copying or allocating. |
| /// |
| /// [`Box`]: ../boxed/struct.Box.html |
| /// [`CString`]: ../ffi/struct.CString.html |
| #[inline] |
| fn from(s: Box<CStr>) -> CString { |
| s.into_c_string() |
| } |
| } |
| |
| impl From<Vec<NonZeroU8>> for CString { |
| /// Converts a [`Vec`]`<`[`NonZeroU8`]`>` into a [`CString`] without |
| /// copying nor checking for inner null bytes. |
| /// |
| /// [`CString`]: ../ffi/struct.CString.html |
| /// [`NonZeroU8`]: ../num/struct.NonZeroU8.html |
| /// [`Vec`]: ../vec/struct.Vec.html |
| #[inline] |
| fn from(v: Vec<NonZeroU8>) -> CString { |
| unsafe { |
| // Transmute `Vec<NonZeroU8>` to `Vec<u8>`. |
| let v: Vec<u8> = { |
| // Safety: |
| // - transmuting between `NonZeroU8` and `u8` is sound; |
| // - `alloc::Layout<NonZeroU8> == alloc::Layout<u8>`. |
| let (ptr, len, cap): (*mut NonZeroU8, _, _) = Vec::into_raw_parts(v); |
| Vec::from_raw_parts(ptr.cast::<u8>(), len, cap) |
| }; |
| // Safety: `v` cannot contain null bytes, given the type-level |
| // invariant of `NonZeroU8`. |
| CString::from_vec_unchecked(v) |
| } |
| } |
| } |
| |
| impl Clone for Box<CStr> { |
| #[inline] |
| fn clone(&self) -> Self { |
| (**self).into() |
| } |
| } |
| |
| impl From<CString> for Box<CStr> { |
| /// Converts a [`CString`] into a [`Box`]`<CStr>` without copying or allocating. |
| /// |
| /// [`CString`]: ../ffi/struct.CString.html |
| /// [`Box`]: ../boxed/struct.Box.html |
| #[inline] |
| fn from(s: CString) -> Box<CStr> { |
| s.into_boxed_c_str() |
| } |
| } |
| |
| impl<'a> From<CString> for Cow<'a, CStr> { |
| #[inline] |
| fn from(s: CString) -> Cow<'a, CStr> { |
| Cow::Owned(s) |
| } |
| } |
| |
| impl<'a> From<&'a CStr> for Cow<'a, CStr> { |
| #[inline] |
| fn from(s: &'a CStr) -> Cow<'a, CStr> { |
| Cow::Borrowed(s) |
| } |
| } |
| |
| impl<'a> From<&'a CString> for Cow<'a, CStr> { |
| #[inline] |
| fn from(s: &'a CString) -> Cow<'a, CStr> { |
| Cow::Borrowed(s.as_c_str()) |
| } |
| } |
| |
| impl From<CString> for Arc<CStr> { |
| /// Converts a [`CString`] into a [`Arc`]`<CStr>` without copying or allocating. |
| /// |
| /// [`CString`]: ../ffi/struct.CString.html |
| /// [`Arc`]: ../sync/struct.Arc.html |
| #[inline] |
| fn from(s: CString) -> Arc<CStr> { |
| let arc: Arc<[u8]> = Arc::from(s.into_inner()); |
| unsafe { Arc::from_raw(Arc::into_raw(arc) as *const CStr) } |
| } |
| } |
| |
| impl From<&CStr> for Arc<CStr> { |
| #[inline] |
| fn from(s: &CStr) -> Arc<CStr> { |
| let arc: Arc<[u8]> = Arc::from(s.to_bytes_with_nul()); |
| unsafe { Arc::from_raw(Arc::into_raw(arc) as *const CStr) } |
| } |
| } |
| |
| impl From<CString> for Rc<CStr> { |
| /// Converts a [`CString`] into a [`Rc`]`<CStr>` without copying or allocating. |
| /// |
| /// [`CString`]: ../ffi/struct.CString.html |
| /// [`Rc`]: ../rc/struct.Rc.html |
| #[inline] |
| fn from(s: CString) -> Rc<CStr> { |
| let rc: Rc<[u8]> = Rc::from(s.into_inner()); |
| unsafe { Rc::from_raw(Rc::into_raw(rc) as *const CStr) } |
| } |
| } |
| |
| impl From<&CStr> for Rc<CStr> { |
| #[inline] |
| fn from(s: &CStr) -> Rc<CStr> { |
| let rc: Rc<[u8]> = Rc::from(s.to_bytes_with_nul()); |
| unsafe { Rc::from_raw(Rc::into_raw(rc) as *const CStr) } |
| } |
| } |
| |
| impl Default for Box<CStr> { |
| fn default() -> Box<CStr> { |
| let boxed: Box<[u8]> = Box::from([0]); |
| unsafe { Box::from_raw(Box::into_raw(boxed) as *mut CStr) } |
| } |
| } |
| |
| impl NulError { |
| /// Returns the position of the nul byte in the slice that caused |
| /// [`CString::new`] to fail. |
| /// |
| /// [`CString::new`]: struct.CString.html#method.new |
| /// |
| pub fn nul_position(&self) -> usize { |
| self.0 |
| } |
| |
| /// Consumes this error, returning the underlying vector of bytes which |
| /// generated the error in the first place. |
| /// |
| pub fn into_vec(self) -> Vec<u8> { |
| self.1 |
| } |
| } |
| |
| impl IntoStringError { |
| /// Consumes this error, returning original [`CString`] which generated the |
| /// error. |
| /// |
| /// [`CString`]: struct.CString.html |
| pub fn into_cstring(self) -> CString { |
| self.inner |
| } |
| |
| /// Access the underlying UTF-8 error that was the cause of this error. |
| pub fn utf8_error(&self) -> Utf8Error { |
| self.error |
| } |
| } |
| |
| impl CStr { |
| /// Wraps a raw C string with a safe C string wrapper. |
| /// |
| /// This function will wrap the provided `ptr` with a `CStr` wrapper, which |
| /// allows inspection and interoperation of non-owned C strings. The total |
| /// size of the raw C string must be smaller than `isize::MAX` **bytes** |
| /// in memory due to calling the `slice::from_raw_parts` function. |
| /// This method is unsafe for a number of reasons: |
| /// |
| /// * There is no guarantee to the validity of `ptr`. |
| /// * The returned lifetime is not guaranteed to be the actual lifetime of |
| /// `ptr`. |
| /// * There is no guarantee that the memory pointed to by `ptr` contains a |
| /// valid nul terminator byte at the end of the string. |
| /// * It is not guaranteed that the memory pointed by `ptr` won't change |
| /// before the `CStr` has been destroyed. |
| /// |
| /// > **Note**: This operation is intended to be a 0-cost cast but it is |
| /// > currently implemented with an up-front calculation of the length of |
| /// > the string. This is not guaranteed to always be the case. |
| /// |
| pub unsafe fn from_ptr<'a>(ptr: *const c_char) -> &'a CStr { |
| let len = crate::strlen(ptr); |
| let ptr = ptr as *const u8; |
| CStr::from_bytes_with_nul_unchecked(slice::from_raw_parts(ptr, len as usize + 1)) |
| } |
| |
| /// Creates a C string wrapper from a byte slice. |
| /// |
| /// This function will cast the provided `bytes` to a `CStr` |
| /// wrapper after ensuring that the byte slice is nul-terminated |
| /// and does not contain any interior nul bytes. |
| /// |
| pub fn from_bytes_with_nul(bytes: &[u8]) -> Result<&CStr, FromBytesWithNulError> { |
| let nul_pos = memchr::memchr(0, bytes); |
| if let Some(nul_pos) = nul_pos { |
| if nul_pos + 1 != bytes.len() { |
| return Err(FromBytesWithNulError::interior_nul(nul_pos)); |
| } |
| Ok(unsafe { CStr::from_bytes_with_nul_unchecked(bytes) }) |
| } else { |
| Err(FromBytesWithNulError::not_nul_terminated()) |
| } |
| } |
| |
| /// Unsafely creates a C string wrapper from a byte slice. |
| /// |
| /// This function will cast the provided `bytes` to a `CStr` wrapper without |
| /// performing any sanity checks. The provided slice **must** be nul-terminated |
| /// and not contain any interior nul bytes. |
| /// |
| #[inline] |
| pub const unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr { |
| &*(bytes as *const [u8] as *const CStr) |
| } |
| |
| /// Returns the inner pointer to this C string. |
| /// |
| /// The returned pointer will be valid for as long as `self` is, and points |
| /// to a contiguous region of memory terminated with a 0 byte to represent |
| /// the end of the string. |
| /// |
| #[inline] |
| pub const fn as_ptr(&self) -> *const c_char { |
| self.inner.as_ptr() |
| } |
| |
| /// Converts this C string to a byte slice. |
| /// |
| /// The returned slice will **not** contain the trailing nul terminator that this C |
| /// string has. |
| /// |
| /// > **Note**: This method is currently implemented as a constant-time |
| /// > cast, but it is planned to alter its definition in the future to |
| /// > perform the length calculation whenever this method is called. |
| /// |
| #[inline] |
| pub fn to_bytes(&self) -> &[u8] { |
| let bytes = self.to_bytes_with_nul(); |
| &bytes[..bytes.len() - 1] |
| } |
| |
| /// Converts this C string to a byte slice containing the trailing 0 byte. |
| /// |
| /// This function is the equivalent of [`to_bytes`] except that it will retain |
| /// the trailing nul terminator instead of chopping it off. |
| /// |
| /// > **Note**: This method is currently implemented as a 0-cost cast, but |
| /// > it is planned to alter its definition in the future to perform the |
| /// > length calculation whenever this method is called. |
| /// |
| /// [`to_bytes`]: #method.to_bytes |
| /// |
| #[inline] |
| pub fn to_bytes_with_nul(&self) -> &[u8] { |
| unsafe { &*(&self.inner as *const [c_char] as *const [u8]) } |
| } |
| |
| /// Yields a [`&str`] slice if the `CStr` contains valid UTF-8. |
| /// |
| /// If the contents of the `CStr` are valid UTF-8 data, this |
| /// function will return the corresponding [`&str`] slice. Otherwise, |
| /// it will return an error with details of where UTF-8 validation failed. |
| /// |
| /// [`&str`]: ../primitive.str.html |
| /// |
| pub fn to_str(&self) -> Result<&str, str::Utf8Error> { |
| // N.B., when `CStr` is changed to perform the length check in `.to_bytes()` |
| // instead of in `from_ptr()`, it may be worth considering if this should |
| // be rewritten to do the UTF-8 check inline with the length calculation |
| // instead of doing it afterwards. |
| str::from_utf8(self.to_bytes()) |
| } |
| |
| /// Converts a `CStr` into a [`Cow`]`<`[`str`]`>`. |
| /// |
| /// If the contents of the `CStr` are valid UTF-8 data, this |
| /// function will return a [`Cow`]`::`[`Borrowed`]`(`[`&str`]`)` |
| /// with the corresponding [`&str`] slice. Otherwise, it will |
| /// replace any invalid UTF-8 sequences with |
| /// [`U+FFFD REPLACEMENT CHARACTER`][U+FFFD] and return a |
| /// [`Cow`]`::`[`Owned`]`(`[`String`]`)` with the result. |
| /// |
| /// [`Cow`]: ../borrow/enum.Cow.html |
| /// [`Borrowed`]: ../borrow/enum.Cow.html#variant.Borrowed |
| /// [`Owned`]: ../borrow/enum.Cow.html#variant.Owned |
| /// [`str`]: ../primitive.str.html |
| /// [`String`]: ../string/struct.String.html |
| /// [U+FFFD]: ../char/constant.REPLACEMENT_CHARACTER.html |
| /// |
| pub fn to_string_lossy(&self) -> Cow<'_, str> { |
| String::from_utf8_lossy(self.to_bytes()) |
| } |
| |
| /// Converts a [`Box`]`<CStr>` into a [`CString`] without copying or allocating. |
| /// |
| /// [`Box`]: ../boxed/struct.Box.html |
| /// [`CString`]: struct.CString.html |
| /// |
| pub fn into_c_string(self: Box<CStr>) -> CString { |
| let raw = Box::into_raw(self) as *mut [u8]; |
| CString { inner: unsafe { Box::from_raw(raw) } } |
| } |
| } |
| |
| impl PartialEq for CStr { |
| fn eq(&self, other: &CStr) -> bool { |
| self.to_bytes().eq(other.to_bytes()) |
| } |
| } |
| |
| impl Eq for CStr {} |
| |
| impl PartialOrd for CStr { |
| fn partial_cmp(&self, other: &CStr) -> Option<Ordering> { |
| self.to_bytes().partial_cmp(&other.to_bytes()) |
| } |
| } |
| |
| impl Ord for CStr { |
| fn cmp(&self, other: &CStr) -> Ordering { |
| self.to_bytes().cmp(&other.to_bytes()) |
| } |
| } |
| |
| impl ToOwned for CStr { |
| type Owned = CString; |
| |
| fn to_owned(&self) -> CString { |
| CString { inner: self.to_bytes_with_nul().into() } |
| } |
| |
| fn clone_into(&self, target: &mut CString) { |
| let mut b = Vec::from(mem::take(&mut target.inner)); |
| self.to_bytes_with_nul().clone_into(&mut b); |
| target.inner = b.into_boxed_slice(); |
| } |
| } |
| |
| impl From<&CStr> for CString { |
| fn from(s: &CStr) -> CString { |
| s.to_owned() |
| } |
| } |
| |
| impl ops::Index<ops::RangeFull> for CString { |
| type Output = CStr; |
| |
| #[inline] |
| fn index(&self, _index: ops::RangeFull) -> &CStr { |
| self |
| } |
| } |
| |
| impl AsRef<CStr> for CStr { |
| #[inline] |
| fn as_ref(&self) -> &CStr { |
| self |
| } |
| } |
| |
| impl AsRef<CStr> for CString { |
| #[inline] |
| fn as_ref(&self) -> &CStr { |
| self |
| } |
| } |
| |