CString in alloc::ffi - Rust (original) (raw)
Struct CString
1.64.0 · Source
pub struct CString { /* private fields */ }Expand description
A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the middle.
This type serves the purpose of being able to safely generate a C-compatible string from a Rust byte slice or vector. An instance of this type is a static guarantee that the underlying bytes contain no interior 0 bytes (“nul characters”) and that the final byte is 0 (“nul terminator”).
CString is to &[CStr](../../core/ffi/c%5Fstr/struct.CStr.html "struct core::ffi::c_str::CStr") as String is to &[str](../../core/primitive.str.html "str"): the former in each pair are owned strings; the latter are borrowed references.
§Creating a CString
A CString is created from either a byte slice or a byte vector, or anything that implements [Into](../../core/convert/trait.Into.html "trait core::convert::Into")<[Vec](../vec/struct.Vec.html "struct alloc::vec::Vec")<[u8](../../core/primitive.u8.html "primitive u8")>> (for example, you can build a CString straight out of a String or a &[str](../../core/primitive.str.html "str"), since both implement that trait). You can create a CString from a literal with CString::from(c"Text").
The CString::new method will actually check that the provided &[[u8](../../core/primitive.u8.html "primitive u8")]does not have 0 bytes in the middle, and return an error if it finds one.
CString implements an as_ptr method through the Dereftrait. This method will give you a *const c_char which you can feed directly to extern functions that expect a nul-terminated string, like C’s strdup(). Notice that as_ptr returns a read-only pointer; if the C code writes to it, that causes undefined behavior.
Alternatively, you can obtain a &[[u8](../../core/primitive.u8.html "primitive u8")] slice from aCString with the CString::as_bytes method. Slices produced in this way do not contain the trailing nul terminator. This is useful when you will be calling an extern function that takes a *const u8 argument which is not necessarily nul-terminated, plus another argument with the length of the string — like C’s strndup(). You can of course get the slice’s length with itslen method.
If you need a &[[u8](../../core/primitive.u8.html "primitive u8")] slice with the nul terminator, you can use CString::as_bytes_with_nul instead.
Once you have the kind of slice you need (with or without a nul terminator), you can call the slice’s ownas_ptr method to get a read-only raw pointer to pass to extern functions. See the documentation for that function for a discussion on ensuring the lifetime of the raw pointer.
§Examples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn my_printer(s: *const c_char);
}
// We are certain that our string doesn't have 0 bytes in the middle,
// so we can .expect()
let c_to_print = CString::new("Hello, world!").expect("CString::new failed");
unsafe {
my_printer(c_to_print.as_ptr());
}§Safety
CString is intended for working with traditional C-style strings (a sequence of non-nul bytes terminated by a single nul byte); the primary use case for these kinds of strings is interoperating with C-like code. Often you will need to transfer ownership to/from that external code. It is strongly recommended that you thoroughly read through the documentation of CString before use, as improper ownership management of CString instances can lead to invalid memory accesses, memory leaks, and other memory errors.
1.0.0 · Source
Creates a new C-compatible string from a container of bytes.
This function will consume the provided data and use the underlying bytes to construct a new string, ensuring that there is a trailing 0 byte. This trailing 0 byte will be appended by this function; the provided data should _not_contain any 0 bytes in it.
§Examples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" { fn puts(s: *const c_char); }
let to_print = CString::new("Hello!").expect("CString::new failed");
unsafe {
puts(to_print.as_ptr());
}§Errors
This function will return an error if the supplied bytes contain an internal 0 byte. The NulError returned will contain the bytes as well as the position of the nul byte.
1.0.0 · Source
Creates a C-compatible string by consuming a byte vector, without checking for interior 0 bytes.
Trailing 0 byte will be appended by this function.
This method is equivalent to CString::new except that no runtime assertion is made that v contains no 0 bytes, and it requires an actual byte vector, not anything that can be converted to one with Into.
§Examples
use std::ffi::CString;
let raw = b"foo".to_vec();
unsafe {
let c_string = CString::from_vec_unchecked(raw);
}1.4.0 · Source
Retakes ownership of a CString that was transferred to C viaCString::into_raw.
Additionally, the length of the string will be recalculated from the pointer.
§Safety
This should only ever be called with a pointer that was earlier obtained by calling CString::into_raw. Other usage (e.g., trying to take ownership of a string that was allocated by foreign code) is likely to lead to undefined behavior or allocator corruption.
It should be noted that the length isn’t just “recomputed,” but that the recomputed length must match the original length from theCString::into_raw call. This means the CString::into_raw/from_rawmethods should not be used when passing the string to C functions that can modify the string’s length.
Note: If you need to borrow a string that was allocated by foreign code, use CStr. If you need to take ownership of a string that was allocated by foreign code, you will need to make your own provisions for freeing it appropriately, likely with the foreign code’s API to do that.
§Examples
Creates a CString, pass ownership to an extern function (via raw pointer), then retake ownership with from_raw:
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn some_extern_function(s: *mut c_char);
}
let c_string = CString::from(c"Hello!");
let raw = c_string.into_raw();
unsafe {
some_extern_function(raw);
let c_string = CString::from_raw(raw);
}1.4.0 · Source
Consumes the CString and transfers ownership of the string to a C caller.
The pointer which this function returns must be returned to Rust and reconstituted usingCString::from_raw to be properly deallocated. Specifically, one should not use the standard C free() function to deallocate this string.
Failure to call CString::from_raw will lead to a memory leak.
The C side must not modify the length of the string (by writing a nul byte somewhere inside the string or removing the final one) before it makes it back into Rust using CString::from_raw. See the safety section in CString::from_raw.
§Examples
use std::ffi::CString;
let c_string = CString::from(c"foo");
let ptr = c_string.into_raw();
unsafe {
assert_eq!(b'f', *ptr as u8);
assert_eq!(b'o', *ptr.add(1) as u8);
assert_eq!(b'o', *ptr.add(2) as u8);
assert_eq!(b'\0', *ptr.add(3) as u8);
// retake pointer to free memory
let _ = CString::from_raw(ptr);
}1.7.0 · Source
Converts the CString into a String if it contains valid UTF-8 data.
On failure, ownership of the original CString is returned.
§Examples
use std::ffi::CString;
let valid_utf8 = vec![b'f', b'o', b'o'];
let cstring = CString::new(valid_utf8).expect("CString::new failed");
assert_eq!(cstring.into_string().expect("into_string() call failed"), "foo");
let invalid_utf8 = vec![b'f', 0xff, b'o', b'o'];
let cstring = CString::new(invalid_utf8).expect("CString::new failed");
let err = cstring.into_string().err().expect("into_string().err() failed");
assert_eq!(err.utf8_error().valid_up_to(), 1);1.7.0 · Source
Consumes the CString and returns the underlying byte buffer.
The returned buffer does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes.
§Examples
use std::ffi::CString;
let c_string = CString::from(c"foo");
let bytes = c_string.into_bytes();
assert_eq!(bytes, vec![b'f', b'o', b'o']);1.7.0 · Source
Equivalent to CString::into_bytes() except that the returned vector includes the trailing nul terminator.
§Examples
use std::ffi::CString;
let c_string = CString::from(c"foo");
let bytes = c_string.into_bytes_with_nul();
assert_eq!(bytes, vec![b'f', b'o', b'o', b'\0']);1.0.0 · Source
Returns the contents of this CString as a slice of bytes.
The returned slice does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes. If you need the nul terminator, useCString::as_bytes_with_nul instead.
§Examples
use std::ffi::CString;
let c_string = CString::from(c"foo");
let bytes = c_string.as_bytes();
assert_eq!(bytes, &[b'f', b'o', b'o']);1.0.0 · Source
Equivalent to CString::as_bytes() except that the returned slice includes the trailing nul terminator.
§Examples
use std::ffi::CString;
let c_string = CString::from(c"foo");
let bytes = c_string.as_bytes_with_nul();
assert_eq!(bytes, &[b'f', b'o', b'o', b'\0']);1.20.0 · Source
Extracts a CStr slice containing the entire string.
§Examples
use std::ffi::{CString, CStr};
let c_string = CString::from(c"foo");
let cstr = c_string.as_c_str();
assert_eq!(cstr,
CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed"));1.20.0 · Source
Converts this CString into a boxed CStr.
§Examples
let c_string = c"foo".to_owned();
let boxed = c_string.into_boxed_c_str();
assert_eq!(boxed.to_bytes_with_nul(), b"foo\0");1.58.0 · Source
Converts a [Vec](../vec/struct.Vec.html "struct alloc::vec::Vec")<[u8](../../core/primitive.u8.html "primitive u8")> to a CString without checking the invariants on the given Vec.
§Safety
The given Vec must have one nul byte as its last element. This means it cannot be empty nor have any other nul byte anywhere else.
§Example
use std::ffi::CString;
assert_eq!(
unsafe { CString::from_vec_with_nul_unchecked(b"abc\0".to_vec()) },
unsafe { CString::from_vec_unchecked(b"abc".to_vec()) }
);1.58.0 · Source
Attempts to converts a [Vec](../vec/struct.Vec.html "struct alloc::vec::Vec")<[u8](../../core/primitive.u8.html "primitive u8")> to a CString.
Runtime checks are present to ensure there is only one nul byte in theVec, its last element.
§Errors
If a nul byte is present and not the last element or no nul bytes is present, an error will be returned.
§Examples
A successful conversion will produce the same result as CString::newwhen called without the ending nul byte.
use std::ffi::CString;
assert_eq!(
CString::from_vec_with_nul(b"abc\0".to_vec())
.expect("CString::from_vec_with_nul failed"),
c"abc".to_owned()
);An incorrectly formatted Vec will produce an error.
use std::ffi::{CString, FromVecWithNulError};
// Interior nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"a\0bc".to_vec()).unwrap_err();
// No nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"abc".to_vec()).unwrap_err();1.4.0 · Source
Converts a CStr into a [Cow](../borrow/enum.Cow.html "enum alloc::borrow::Cow")<[str](../../core/primitive.str.html "str")>.
If the contents of the CStr are valid UTF-8 data, this function will return a [Cow](../borrow/enum.Cow.html "enum alloc::borrow::Cow")::[Borrowed](../borrow/enum.Cow.html#variant.Borrowed "variant alloc::borrow::Cow::Borrowed")(&[str](../../core/primitive.str.html "str"))with the corresponding &[str](../../core/primitive.str.html "str") slice. Otherwise, it will replace any invalid UTF-8 sequences withU+FFFD REPLACEMENT CHARACTER and return a[Cow](../borrow/enum.Cow.html "enum alloc::borrow::Cow")::[Owned](../borrow/enum.Cow.html#variant.Owned "variant alloc::borrow::Cow::Owned")(&[str](../../core/primitive.str.html "str")) with the result.
§Examples
Calling to_string_lossy on a CStr containing valid UTF-8. The leadingc on the string literal denotes a CStr.
use std::borrow::Cow;
assert_eq!(c"Hello World".to_string_lossy(), Cow::Borrowed("Hello World"));Calling to_string_lossy on a CStr containing invalid UTF-8:
use std::borrow::Cow;
assert_eq!(
c"Hello \xF0\x90\x80World".to_string_lossy(),
Cow::Owned(String::from("Hello �World")) as Cow<'_, str>
);1.0.0 · Source
Returns the inner pointer to this C string.
The returned pointer will be valid for as long as self is, and points to a contiguous region of memory terminated with a 0 byte to represent the end of the string.
The type of the returned pointer is*const c_char, and whether it’s an alias for *const i8 or *const u8 is platform-specific.
WARNING
The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.
It is your responsibility to make sure that the underlying memory is not freed too early. For example, the following code will cause undefined behavior when ptr is used inside the unsafe block:
use std::ffi::CString;
// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
// `ptr` is dangling
*ptr;
}This happens because the pointer returned by as_ptr does not carry any lifetime information and the CString is deallocated immediately after the CString::new("Hello").expect("CString::new failed").as_ptr()expression is evaluated. To fix the problem, bind the CString to a local variable:
use std::ffi::CString;
let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
// `ptr` is valid because `hello` is in scope
*ptr;
}This way, the lifetime of the CString in hello encompasses the lifetime of ptr and the unsafe block.
1.79.0 · Source
Returns the length of self. Like C’s strlen, this does not include the nul terminator.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").unwrap();
assert_eq!(cstr.count_bytes(), 3);
let cstr = CStr::from_bytes_with_nul(b"\0").unwrap();
assert_eq!(cstr.count_bytes(), 0);1.71.0 · Source
Returns true if self.to_bytes() has a length of 0.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0")?;
assert!(!cstr.is_empty());
let empty_cstr = CStr::from_bytes_with_nul(b"\0")?;
assert!(empty_cstr.is_empty());
assert!(c"".is_empty());1.0.0 · Source
Converts this C string to a byte slice.
The returned slice will not contain the trailing nul terminator that this C string has.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes(), b"foo");1.0.0 · Source
Converts this C string to a byte slice containing the trailing 0 byte.
This function is the equivalent of CStr::to_bytes except that it will retain the trailing nul terminator instead of chopping it off.
Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes_with_nul(), b"foo\0");🔬This is a nightly-only experimental API. (cstr_bytes #112115)
Iterates over the bytes in this C string.
The returned iterator will not contain the trailing nul terminator that this C string has.
§Examples
#![feature(cstr_bytes)]
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert!(cstr.bytes().eq(*b"foo"));1.4.0 · Source
Yields a &[str](../../core/primitive.str.html "str") slice if the CStr contains valid UTF-8.
If the contents of the CStr are valid UTF-8 data, this function will return the corresponding &[str](../../core/primitive.str.html "str") slice. Otherwise, it will return an error with details of where UTF-8 validation failed.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_str(), Ok("foo"));