Rollup merge of #36018 - durka:patch-28, r=steveklabnik

strengthen doc warning about CString::from_raw Saw unsound code using this function on IRC.
2016-09-24 00:15:43 +02:00 · 2016-09-24 00:15:43 +02:00 · f45283b93e
commit f45283b93e
parent cb1b1eef8d 0d3d23bdee
1 changed files with 7 additions and 2 deletions
--- a/src/libstd/ffi/c_str.rs
+++ b/src/libstd/ffi/c_str.rs
@ -228,9 +228,14 @@ impl CString {

    /// Retakes ownership of a `CString` that was transferred to C.
    ///
+    /// Additionally, the length of the string will be recalculated from the pointer.
+    ///
+    /// # Safety
+    ///
    /// This should only ever be called with a pointer that was earlier
-    /// obtained by calling `into_raw` on a `CString`. Additionally, the length
-    /// of the string will be recalculated from the pointer.
+    /// obtained by calling `into_raw` on a `CString`. Other usage (e.g. trying to take
+    /// ownership of a string that was allocated by foreign code) is likely to lead
+    /// to undefined behavior or allocator corruption.
    #[stable(feature = "cstr_memory", since = "1.4.0")]
    pub unsafe fn from_raw(ptr: *mut c_char) -> CString {
        let len = libc::strlen(ptr) + 1; // Including the NUL byte