Open Source and information security mailing list archives
Message-ID: <42c3fc0c-46a8-4502-ad53-d3b886fad5e8@gmail.com>
Date: Mon, 11 Aug 2025 15:22:18 -0300
From: AI Talking about AI <aitalkingai@...il.com>
To: rust-for-linux@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/2] Rust: kernel patch series

From 21a3d2a2dcff13f445915602c06a17af07835ee7 Mon Sep 17 00:00:00 2001
From: AI talking about AI <aitalkingai@...il.com>
Date: Thu, 7 Aug 2025 07:53:56 -0700
Subject: [PATCH 1/2] rust: mark CStr::to_str #[must_use] and update docs

Add explanation about handling UTF-8 errors and mark CStr::to_str as #[must_use] to prevent silent error ignoring. Also document safety requirements of as_str_unchecked.

Signed-off-by: AI talking about AI <aitalkingai@...il.com>
---
 rust/kernel/str.rs | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
index 6c89255..290031b 100644
--- a/rust/kernel/str.rs
+++ b/rust/kernel/str.rs
@@ -37,12 +37,8 @@ impl BStr {
     /// # Examples
     ///
     /// ```
-    /// # use kernel::b_str;
-    /// assert_eq!(Some(b_str!("bar")), b_str!("foobar").strip_prefix(b_str!("foo")));
-    /// assert_eq!(None, b_str!("foobar").strip_prefix(b_str!("bar")));
-    /// assert_eq!(Some(b_str!("foobar")), b_str!("foobar").strip_prefix(b_str!("")));
-    /// assert_eq!(Some(b_str!("")), b_str!("foobar").strip_prefix(b_str!("foobar")));
-    /// ```
+
+///
     pub fn strip_prefix(&self, pattern: impl AsRef<Self>) -> Option<&BStr> {
         self.deref()
             .strip_prefix(pattern.as_ref().deref())
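
Review bot: this hunk deletes the four doc-test assertions for `BStr::strip_prefix` and leaves the doc comment malformed: the opening `/// ```` fence is kept but its closing `/// ```` is removed, and the two replacement lines (`+` and `+///`) are an empty line and an unindented `///`. rustdoc will warn about the unterminated code block, and the removal is not mentioned in the commit message or related to the `to_str`/`as_str_unchecked` changes. Drop this hunk (or restore the removed lines) so the patch stays limited to what its subject describes.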
@@ -346,7 +342,7 @@ impl CStr {
     ///
     /// If the contents of the [`CStr`] are valid UTF-8 data, this
     /// function will return the corresponding [`&str`] slice. Otherwise,
-    /// it will return an error with details of where UTF-8 validation failed.
+    /// it will return an [`Err`] with details of where UTF-8 validation failed.
     ///
     /// # Examples
     ///
@@ -356,7 +352,21 @@ impl CStr {
     /// assert_eq!(cstr.to_str(), Ok("foo"));
     /// # Ok::<(), kernel::error::Error>(())
     /// ```
+
+    ///
+    /// # Errors
+    ///
+    /// This function returns an [`Err`] when the underlying bytes are not
+    /// valid UTF-8. The [`Err`] must be handled; it cannot be discarded,
+    /// as indicated by the `#[must_use]` annotation on this method.
+    ///
+    /// This method returns a [`Result`] because not all C strings contain
+    /// valid UTF-8. To avoid accidentally ignoring a failed conversion,
+    /// the return type is marked `#[must_use]`. Code that calls this
+    /// function should handle the error case explicitly (e.g. by logging or
+    /// propagating it), rather than silently discarding it.
     #[inline]
+    #[must_use]
     pub fn to_str(&self) -> Result<&str, core::str::Utf8Error> {
         core::str::from_utf8(self.as_bytes())
     }
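
Review bot: `#[must_use]` on `to_str` is redundant, because `Result` is itself `#[must_use]` in core and discarding the return value already fires the `unused_must_use` lint; either drop the attribute or, if the intent is a clearer message, give it a reason string (`#[must_use = "a failed UTF-8 conversion must be handled"]`). The new doc text also overstates the effect: the error "cannot be discarded" is wrong, since `let _ = cstr.to_str();` silences the lint, so say it should not be silently discarded. Two smaller points in the same hunk: the stray `+` line inserts a blank line between the closing `/// ```` fence and the `# Errors` section, splitting the doc comment, and the two `# Errors` paragraphs say the same thing, so merge them into one.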
@@ -380,7 +390,10 @@ impl CStr {
     /// ```
     #[inline]
     pub unsafe fn as_str_unchecked(&self) -> &str {
-        // SAFETY: TODO.
+        // SAFETY: The data behind `self` are bytes from a `CStr`, i.e. a NUL-terminated sequence
+        // of u8 values. `from_utf8_unchecked` requires that the byte slice be valid UTF-8; the
+        // caller of this method must therefore guarantee that the `CStr` contains valid UTF-8
+        // data before calling this function. See [`to_str`] for a checked version.
         unsafe { core::str::from_utf8_unchecked(self.as_bytes()) }
     }
 
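
Review bot: the new SAFETY comment does not justify the unsafe call. A SAFETY comment should state why `from_utf8_unchecked`'s precondition holds at this call site, which here is simply that the caller upholds this function's own unsafe contract (the bytes are valid UTF-8); NUL termination is not a requirement of `from_utf8_unchecked` and does not belong in the argument, and `[`to_str`]` inside a `//` comment is not rendered as a doc link. Something like `// SAFETY: The caller guarantees that the bytes are valid UTF-8, per this function's safety contract.` is enough. The caller-facing requirement itself belongs in the `/// # Safety` doc section of `as_str_unchecked`, which this hunk does not touch even though the commit message says it documents the safety requirements; please add or update that section instead.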
-- 
2.39.5

