| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 May 2023 18:02:59 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Wedson Almeida Filho <wedsonaf@...il.com>
Cc: Alice Ryhl <aliceryhl@...gle.com>, Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
patches@...ts.linux.dev
Subject: Re: [PATCH] rust: str: add conversion from `CStr` to `CString`
On 02.05.23 18:59, Wedson Almeida Filho wrote:
> On Tue, 2 May 2023 at 09:53, Alice Ryhl <aliceryhl@...gle.com> wrote:
>>
>> These methods can be used to copy the data in a temporary c string into
>> a separate allocation, so that it can be accessed later even if the
>> original is deallocated.
>>
>> The API in this file mirrors the standard library API for the `&str` and
>> `String` types. The `ToOwned` trait is not implemented because it
>> assumes that allocations are infallible.
>>
>> Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
>> ---
>> rust/kernel/str.rs | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>>
>> diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
>> index b771310fa4a4..54935ff3a610 100644
>> --- a/rust/kernel/str.rs
>> +++ b/rust/kernel/str.rs
>> @@ -2,6 +2,7 @@
>>
>> //! String representations.
>>
>> +use alloc::collections::TryReserveError;
>> use alloc::vec::Vec;
>> use core::fmt::{self, Write};
>> use core::ops::{self, Deref, Index};
>> @@ -199,6 +200,12 @@ impl CStr {
>> pub unsafe fn as_str_unchecked(&self) -> &str {
>> unsafe { core::str::from_utf8_unchecked(self.as_bytes()) }
>> }
>> +
>> + /// Convert this [`CStr`] into a [`CString`] by allocating memory and
>> + /// copying over the string data.
>> + pub fn to_cstring(&self) -> Result<CString, TryReserveError> {
>> + CString::try_from(self)
>> + }
>> }
>>
>> impl fmt::Display for CStr {
>> @@ -584,6 +591,20 @@ impl Deref for CString {
>> }
>> }
>>
>> +impl<'a> TryFrom<&'a CStr> for CString {
>> + type Error = TryReserveError;
>
> Wouldn't `AllocError` make more sense? Or even Error (with ENOMEM value).
>
> `TryReserveError` is documented as "The error type for try_reserve
> methods." -- that fact the we use a `Vec` is an implementation detail,
> I feel it's better not to leak this fact through the public API.
I agree, it should be `AllocError`. There is a `From<AllocError> for Error`
with `ENOMEM` as the value, so `AllocError` is the most compatible, since it
simply converts to `Error` via `?`.
Technically, `TryReserveError` represents two different kinds of errors:
- CapacityOverflow -- triggered when exceeding `isize::MAX` bytes of size
- AllocError -- memory allocation failed
I think it is fine to coalesce these into `AllocError`, since allocating
`isize::MAX` might as well be considered an OOM error.
With that fixed:
Reviewed-by: Benno Lossin <benno.lossin@...ton.me>
>> +
>> + fn try_from(cstr: &'a CStr) -> Result<CString, TryReserveError> {
>> + let len = cstr.len_with_nul();
>> + let mut buf = Vec::try_with_capacity(len)?;
>> + buf.try_extend_from_slice(cstr.as_bytes_with_nul())?;
>> +
>> + // INVARIANT: The CStr and CString types have the same invariants for
>> + // the string data, and we copied it over without changes.
>> + Ok(CString { buf })
>> + }
>> +}
>> +
>> /// A convenience alias for [`core::format_args`].
>> #[macro_export]
>> macro_rules! fmt {
>>
>> base-commit: ea76e08f4d901a450619831a255e9e0a4c0ed162
>> --
>> 2.40.1.495.gc816e09b53d-goog
>>
--
Cheers,
Benno
Powered by blists - more mailing lists