Rollup merge of #64069 - danielhenrymantilla:feature/cstring_from_vec_of_nonzerou8, r=KodrAus
Added From<Vec<NonZeroU8>> for CString
Added a `From<Vec<NonZeroU8>>` `impl` for `CString`
# Rationale
- `CString::from_vec_unchecked` is a subtle function, that makes `unsafe` code harder to audit when the generated `Vec`'s creation is non-trivial. This `impl` allows to write safer `unsafe` code thanks to the very explicit semantics of the `Vec<NonZeroU8>` type.
- One such situation is when trying to `.read()` a `CString`, see issue #59229.
- this lead to a PR: #59314, that was closed for being too specific / narrow (it only targetted being able to `.read()` a `CString`, when this pattern could have been generalized).
- the issue suggested another route, based on `From<Vec<NonZeroU8>>`, which is indeed a less general and more concise code pattern.
- quoting @shnatsel:
- > For me the main thing about making this safe is simplifying auditing - people have spent like an hour looking at just this one unsafe block in libflate because it's not clear what exactly is unchecked, so you have to look it up when auditing anyway. This has distracted us from much more serious memory safety issues the library had.
Having this trivial impl in stdlib would turn this into safe code with compiler more or less guaranteeing that it's fine, and save anyone auditing the code a whole lot of time.
projects / rust.git / commit