1 use crate::LateContext;
2 use crate::LateLintPass;
3 use crate::LintContext;
4 use rustc_errors::fluent;
5 use rustc_hir::{Expr, ExprKind, PathSegment};
7 use rustc_span::{symbol::sym, ExpnKind, Span};
10 /// The `temporary_cstring_as_ptr` lint detects getting the inner pointer of
11 /// a temporary `CString`.
16 /// # #![allow(unused)]
17 /// # use std::ffi::CString;
18 /// let c_str = CString::new("foo").unwrap().as_ptr();
25 /// The inner pointer of a `CString` lives only as long as the `CString` it
26 /// points to. Getting the inner pointer of a *temporary* `CString` allows the `CString`
27 /// to be dropped at the end of the statement, as it is not being referenced as far as the typesystem
28 /// is concerned. This means outside of the statement the pointer will point to freed memory, which
29 /// causes undefined behavior if the pointer is later dereferenced.
30 pub TEMPORARY_CSTRING_AS_PTR,
32 "detects getting the inner pointer of a temporary `CString`"
35 declare_lint_pass!(TemporaryCStringAsPtr => [TEMPORARY_CSTRING_AS_PTR]);
37 fn in_macro(span: Span) -> bool {
38 if span.from_expansion() {
39 !matches!(span.ctxt().outer_expn_data().kind, ExpnKind::Desugaring(..))
45 fn first_method_call<'tcx>(
46 expr: &'tcx Expr<'tcx>,
47 ) -> Option<(&'tcx PathSegment<'tcx>, &'tcx [Expr<'tcx>])> {
48 if let ExprKind::MethodCall(path, args, _) = &expr.kind {
49 if args.iter().any(|e| e.span.from_expansion()) { None } else { Some((path, *args)) }
55 impl<'tcx> LateLintPass<'tcx> for TemporaryCStringAsPtr {
56 fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
57 if in_macro(expr.span) {
61 match first_method_call(expr) {
62 Some((path, args)) if path.ident.name == sym::as_ptr => {
63 let unwrap_arg = &args[0];
64 let as_ptr_span = path.ident.span;
65 match first_method_call(unwrap_arg) {
67 if path.ident.name == sym::unwrap || path.ident.name == sym::expect =>
69 let source_arg = &args[0];
70 lint_cstring_as_ptr(cx, as_ptr_span, source_arg, unwrap_arg);
80 fn lint_cstring_as_ptr(
83 source: &rustc_hir::Expr<'_>,
84 unwrap: &rustc_hir::Expr<'_>,
86 let source_type = cx.typeck_results().expr_ty(source);
87 if let ty::Adt(def, substs) = source_type.kind() {
88 if cx.tcx.is_diagnostic_item(sym::Result, def.did()) {
89 if let ty::Adt(adt, _) = substs.type_at(0).kind() {
90 if cx.tcx.is_diagnostic_item(sym::cstring_type, adt.did()) {
91 cx.struct_span_lint(TEMPORARY_CSTRING_AS_PTR, as_ptr_span, |diag| {
92 diag.build(fluent::lint::cstring_ptr)
93 .span_label(as_ptr_span, fluent::lint::as_ptr_label)
94 .span_label(unwrap.span, fluent::lint::unwrap_label)
95 .note(fluent::lint::note)
96 .help(fluent::lint::help)