parse_str should probably be marked as unsafe #7

Open
matklad opened this issue Jan 13, 2016 · 1 comment
Comments

matklad commented Jan 13, 2016

parse_str can violate memory safety: it can go beyond the input slice while looking for 0. The initial offset also can point outside of the slice. My understanding is that in Rust such functions should either be marked with unsafe or use assert to enforce memory safety.

matklad commented Jan 13, 2016

Oops, I've missed the fact that input is not a slice, but just a reference to the single byte, so it is impossible to make an assertion here. Maybe input should be changed to slice, so that parse_str could be implemented without an unsafe block:

fn parse_str(input: &[u8], offset: usize) -> &str {
    // Bounds-checked slicing: an offset past the end panics instead of reading outside the buffer.
    let input: &[u8] = &input[offset..];
    // Search for the 0 terminator only within the remaining slice; panics if there is none.
    let end = input.iter().position(|byte| *byte == 0).unwrap();
    // Validate UTF-8 instead of trusting the bytes.
    std::str::from_utf8(&input[..end]).unwrap()
}
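As an added example (not code from the issue or from the project), a fallible version of the slice-based parse_str proposed above: the out-of-range offset and the missing terminator that the original function would read past, plus invalid UTF-8, are reported as errors rather than panics. The names parse_str_checked and ParseStrError are assumed here.

```rust
use std::str::Utf8Error;

/// Ways a NUL-terminated string lookup can fail on a bounded input.
#[derive(Debug, PartialEq)]
pub enum ParseStrError {
    /// `offset` lies beyond the end of `input`.
    OffsetOutOfBounds { offset: usize, len: usize },
    /// No 0 byte between `offset` and the end of `input`.
    MissingNul,
    /// The bytes before the terminator are not valid UTF-8.
    InvalidUtf8(Utf8Error),
}

/// Return the NUL-terminated string starting at `offset`, never touching
/// memory outside `input`. All slicing is bounds-checked, so no `unsafe`
/// block is needed and no read can run past the buffer.
pub fn parse_str_checked(input: &[u8], offset: usize) -> Result<&str, ParseStrError> {
    // `get` returns None instead of panicking when offset > input.len().
    let rest = input.get(offset..).ok_or(ParseStrError::OffsetOutOfBounds {
        offset,
        len: input.len(),
    })?;
    // The terminator search stops at the end of the slice.
    let end = rest
        .iter()
        .position(|&b| b == 0)
        .ok_or(ParseStrError::MissingNul)?;
    std::str::from_utf8(&rest[..end]).map_err(ParseStrError::InvalidUtf8)
}

fn main() {
    // Constructed sample: two NUL-terminated strings packed back to back (11 bytes).
    let table = b"alpha\0beta\0";
    println!("{:?}", parse_str_checked(table, 0)); // Ok("alpha")
    println!("{:?}", parse_str_checked(table, 6)); // Ok("beta")
    println!("{:?}", parse_str_checked(table, 99)); // Err(OffsetOutOfBounds { offset: 99, len: 11 })
    println!("{:?}", parse_str_checked(b"no-nul", 0)); // Err(MissingNul)
}
```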
