add stronger warning to CString::from_raw

author Alex Burka <durka42+github@gmail.com>

Fri, 26 Aug 2016 17:17:45 +0000 (13:17 -0400)

committer Alex Burka <durka42@gmail.com>

Wed, 14 Sep 2016 15:24:04 +0000 (15:24 +0000)
author Alex Burka <durka42+github@gmail.com>
Fri, 26 Aug 2016 17:17:45 +0000 (13:17 -0400)
committer Alex Burka <durka42@gmail.com>
Wed, 14 Sep 2016 15:24:04 +0000 (15:24 +0000)
diff --git a/src/libstd/ffi/c_str.rs b/src/libstd/ffi/c_str.rs

index 2d5e8c041940293a670caa2d1e55ae5d4d304704..d878514279595929872d1f1519ef32b90e23b9ba 100644 (file)
--- a/src/libstd/ffi/c_str.rs
+++ b/src/libstd/ffi/c_str.rs
@@ -228,9 +228,14 @@ pub unsafe fn from_vec_unchecked(mut v: Vec<u8>) -> CString {
  
      /// Retakes ownership of a `CString` that was transferred to C.
      ///
+    /// Additionally, the length of the string will be recalculated from the pointer.
+    ///
+    /// # Safety
+    ///
      /// This should only ever be called with a pointer that was earlier
-    /// obtained by calling `into_raw` on a `CString`. Additionally, the length
-    /// of the string will be recalculated from the pointer.
+    /// obtained by calling `into_raw` on a `CString`. Other usage (e.g. trying to take
+    /// ownership of a string that was allocated by foreign code) is likely to lead
+    /// to undefined behavior or allocator corruption.
      #[stable(feature = "cstr_memory", since = "1.4.0")]
      pub unsafe fn from_raw(ptr: *mut c_char) -> CString {
          let len = libc::strlen(ptr) + 1; // Including the NUL byte
author	Alex Burka <durka42+github@gmail.com>
	Fri, 26 Aug 2016 17:17:45 +0000 (13:17 -0400)
committer	Alex Burka <durka42@gmail.com>
	Wed, 14 Sep 2016 15:24:04 +0000 (15:24 +0000)