/* Copyright 2018-2019 Mozilla Foundation * *LicensedundertheApacheLicense(Version2.0),ortheMITlicense, *(the"Licenses")atyouroption.Youmaynotusethisfileexceptin *compliancewithoneoftheLicenses.Youmayobtaincopiesofthe *Licensesat: * *http://www.apache.org/licenses/LICENSE-2.0 *http://opensource.org/licenses/MIT * *Unlessrequiredbyapplicablelaworagreedtoinwriting,software *distributedundertheLicensesisdistributedonan"ASIS"BASIS, *WITHOUTWARRANTIESORCONDITIONSOFANYKIND,eitherexpressorimplied. *SeetheLicensesforthespecificlanguagegoverningpermissionsand
* limitations under the Licenses. */
usecrate::FfiStr; use std::ffi::CString; use std::os::raw::c_char; use std::ptr;
/// Convert a rust string into a NUL-terminated utf-8 string suitable for passing to C, or to things /// ABI-compatible with C. /// /// Important: This string must eventually be freed. You may either do that using the /// [`destroy_c_string`] method (or, if you must, by dropping the underlying [`std::ffi::CString`] /// after recovering it via [`std::ffi::CString::from_raw`]). /// /// It's common to want to allow the consumer (e.g. on the "C" side of the FFI) to be allowed to /// free this memory, and the macro [`define_string_destructor!`] may be used to do so. /// /// ## Panics /// /// This function may panic if the argument has an interior null byte. This is fairly rare, but /// is possible in theory. #[inline] pubfn rust_string_to_c(rust_string: impl Into<String>) -> *mut c_char {
CString::new(rust_string.into())
.expect("Error: Rust string contained an interior null byte.")
.into_raw()
}
/// Variant of [`rust_string_to_c`] which takes an Option, and returns null for None. #[inline] pubfn opt_rust_string_to_c(opt_rust_string: Option<impl Into<String>>) -> *mut c_char { iflet Some(s) = opt_rust_string {
rust_string_to_c(s)
} else {
ptr::null_mut()
}
}
/// Free the memory of a string created by [`rust_string_to_c`] on the rust heap. If `c_string` is /// null, this is a no-op. /// /// See the [`define_string_destructor!`] macro which may be used for exposing this function over /// the FFI. /// /// ## Safety /// /// This is inherently unsafe, since we're deallocating memory. Be sure /// /// - Nobody can use the memory after it's deallocated. /// - The memory was actually allocated on this heap (and it's not a string from the other side of /// the FFI which was allocated on e.g. the C heap). /// - If multiple separate rust libraries are in use (for example, as DLLs) in a single program, /// you must also make sure that the rust library that allocated the memory is also the one /// that frees it. /// /// See documentation for [`define_string_destructor!`], which gives a more complete overview of the /// potential issues. #[inline] pubunsafefn destroy_c_string(cstring: *mut c_char) { // we're not guaranteed to be in a place where we can complain about this beyond logging, // and there's an obvious way to handle it. if !cstring.is_null() {
drop(CString::from_raw(cstring))
}
}
/// Convert a null-terminated C string to a rust `str`. This does not take ownership of the string, /// and you should be careful about the lifetime of the resulting string. Note that strings /// containing invalid UTF-8 are replaced with the empty string (for many cases, you will want to /// use [`rust_string_from_c`] instead, which will do a lossy conversion). /// /// If you actually need an owned rust `String`, you're encouraged to use [`rust_string_from_c`], /// which, as mentioned, also behaves better in the face of invalid UTF-8. /// /// ## Safety /// /// This is unsafe because we read from a raw pointer, which may or may not be valid. /// /// We also assume `c_string` is a null terminated string, and have no way of knowing if that's /// actually true. If it's not, we'll read arbitrary memory from the heap until we see a '\0', which /// can result in a enormous number of problems. /// /// ## Panics /// /// Panics if it's argument is null, see [`opt_rust_str_from_c`] for a variant that returns None in /// this case instead. /// /// Note: This means it's forbidden to call this outside of a `call_with_result` (or something else /// that uses [`std::panic::catch_unwind`]), as it is UB to panic across the FFI boundary. #[inline] #[deprecated(since = "0.3.0", note = "Please use FfiStr::as_str instead")] pubunsafefn rust_str_from_c<'a>(c_string: *const c_char) -> &'a str {
FfiStr::from_raw(c_string).as_str()
}
/// Same as `rust_string_from_c`, but returns None if `c_string` is null instead of asserting. /// /// ## Safety /// /// This is unsafe because we read from a raw pointer, which may or may not be valid. /// /// We also assume `c_string` is a null terminated string, and have no way of knowing if that's /// actually true. If it's not, we'll read arbitrary memory from the heap until we see a '\0', which /// can result in a enormous number of problems. #[inline] #[deprecated(since = "0.3.0", note = "Please use FfiStr::as_opt_str instead")] pubunsafefn opt_rust_str_from_c<'a>(c_string: *const c_char) -> Option<&'a str> {
FfiStr::from_raw(c_string).as_opt_str()
}
/// Convert a null-terminated C into an owned rust string, replacing invalid UTF-8 with the /// unicode replacement character. /// /// ## Safety /// /// This is unsafe because we dereference a raw pointer, which may or may not be valid. /// /// We also assume `c_string` is a null terminated string, and have no way of knowing if that's /// actually true. If it's not, we'll read arbitrary memory from the heap until we see a '\0', which /// can result in a enormous number of problems. /// /// ## Panics /// /// Panics if it's argument is null. See also [`opt_rust_string_from_c`], which returns None /// instead. /// /// Note: This means it's forbidden to call this outside of a `call_with_result` (or something else /// that uses `std::panic::catch_unwind`), as it is UB to panic across the FFI boundary. #[inline] #[deprecated(since = "0.3.0", note = "Please use FfiStr::into_string instead")] pubunsafefn rust_string_from_c(c_string: *const c_char) -> String {
FfiStr::from_raw(c_string).into_string()
}
/// Same as `rust_string_from_c`, but returns None if `c_string` is null instead of asserting. /// /// ## Safety /// /// This is unsafe because we dereference a raw pointer, which may or may not be valid. /// /// We also assume `c_string` is a null terminated string, and have no way of knowing if that's /// actually true. If it's not, we'll read arbitrary memory from the heap until we see a '\0', which /// can result in a enormous number of problems. #[inline] #[deprecated(since = "0.3.0", note = "Please use FfiStr::into_opt_string instead")] pubunsafefn opt_rust_string_from_c(c_string: *const c_char) -> Option<String> {
FfiStr::from_raw(c_string).into_opt_string()
}
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.17 Sekunden
(vorverarbeitet am 2026-06-18)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.