lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <LUCgVpZBQNex70PxHGlNVauiTqldfXpTUbd9l0tkBl4yHBQ6qWIhIQu4eZn03UG4a3jrKqt4FyL81321CSXgdISmzYnn69DejmZ-UgXJgD0=@proton.me>
Date:   Tue, 02 May 2023 18:02:59 +0000
From:   Benno Lossin <benno.lossin@...ton.me>
To:     Wedson Almeida Filho <wedsonaf@...il.com>
Cc:     Alice Ryhl <aliceryhl@...gle.com>, Miguel Ojeda <ojeda@...nel.org>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
        patches@...ts.linux.dev
Subject: Re: [PATCH] rust: str: add conversion from `CStr` to `CString`

On 02.05.23 18:59, Wedson Almeida Filho wrote:
> On Tue, 2 May 2023 at 09:53, Alice Ryhl <aliceryhl@...gle.com> wrote:
>>
>> These methods can be used to copy the data in a temporary c string into
>> a separate allocation, so that it can be accessed later even if the
>> original is deallocated.
>>
>> The API in this file mirrors the standard library API for the `&str` and
>> `String` types. The `ToOwned` trait is not implemented because it
>> assumes that allocations are infallible.
>>
>> Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
>> ---
>>   rust/kernel/str.rs | 21 +++++++++++++++++++++
>>   1 file changed, 21 insertions(+)
>>
>> diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
>> index b771310fa4a4..54935ff3a610 100644
>> --- a/rust/kernel/str.rs
>> +++ b/rust/kernel/str.rs
>> @@ -2,6 +2,7 @@
>>
>>   //! String representations.
>>
>> +use alloc::collections::TryReserveError;
>>   use alloc::vec::Vec;
>>   use core::fmt::{self, Write};
>>   use core::ops::{self, Deref, Index};
>> @@ -199,6 +200,12 @@ impl CStr {
>>       pub unsafe fn as_str_unchecked(&self) -> &str {
>>           unsafe { core::str::from_utf8_unchecked(self.as_bytes()) }
>>       }
>> +
>> +    /// Convert this [`CStr`] into a [`CString`] by allocating memory and
>> +    /// copying over the string data.
>> +    pub fn to_cstring(&self) -> Result<CString, TryReserveError> {
>> +        CString::try_from(self)
>> +    }
>>   }
>>
>>   impl fmt::Display for CStr {
>> @@ -584,6 +591,20 @@ impl Deref for CString {
>>       }
>>   }
>>
>> +impl<'a> TryFrom<&'a CStr> for CString {
>> +    type Error = TryReserveError;
> 
> Wouldn't `AllocError` make more sense? Or even Error (with ENOMEM value).
> 
> `TryReserveError` is documented as "The error type for try_reserve
> methods." -- that fact the we use a `Vec` is an implementation detail,
> I feel it's better not to leak this fact through the public API.

I agree, it should be `AllocError`. There is a `From<AllocError> for Error`
with `ENOMEM` as the value, so `AllocError` is the most compatible, since it
simply converts to `Error` via `?`.

Technically, `TryReserveError` represents two different kinds of errors:
- CapacityOverflow -- triggered when exceeding `isize::MAX` bytes of size
- AllocError -- memory allocation failed

I think it is fine to coalesce these into `AllocError`, since allocating
`isize::MAX` might as well be considered an OOM error.

With that fixed:
Reviewed-by: Benno Lossin <benno.lossin@...ton.me>

>> +
>> +    fn try_from(cstr: &'a CStr) -> Result<CString, TryReserveError> {
>> +        let len = cstr.len_with_nul();
>> +        let mut buf = Vec::try_with_capacity(len)?;
>> +        buf.try_extend_from_slice(cstr.as_bytes_with_nul())?;
>> +
>> +        // INVARIANT: The CStr and CString types have the same invariants for
>> +        // the string data, and we copied it over without changes.
>> +        Ok(CString { buf })
>> +    }
>> +}
>> +
>>   /// A convenience alias for [`core::format_args`].
>>   #[macro_export]
>>   macro_rules! fmt {
>>
>> base-commit: ea76e08f4d901a450619831a255e9e0a4c0ed162
>> --
>> 2.40.1.495.gc816e09b53d-goog
>>

-- 
Cheers,
Benno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ