
Rollup merge of #73963 - hellow554:unsafe_path, r=Mark-Simulacrum

deny(unsafe_op_in_unsafe_fn) in libstd/path.rs

The libstd/path.rs part of #73904 . Wraps the two calls to an unsafe fn Initializer::nop() in an unsafe block.
Ralf Jung 2020-09-19 11:47:31 +02:00 committed by GitHub
commit 44be933ff7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -58,6 +58,7 @@
//! [`push`]: PathBuf::push //! [`push`]: PathBuf::push
#![stable(feature = "rust1", since = "1.0.0")] #![stable(feature = "rust1", since = "1.0.0")]
#![deny(unsafe_op_in_unsafe_fn)]
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;
@ -294,7 +295,8 @@ fn os_str_as_u8_slice(s: &OsStr) -> &[u8] {
unsafe { &*(s as *const OsStr as *const [u8]) } unsafe { &*(s as *const OsStr as *const [u8]) }
} }
unsafe fn u8_slice_as_os_str(s: &[u8]) -> &OsStr { unsafe fn u8_slice_as_os_str(s: &[u8]) -> &OsStr {
&*(s as *const [u8] as *const OsStr) // SAFETY: see the comment of `os_str_as_u8_slice`
unsafe { &*(s as *const [u8] as *const OsStr) }
} }
// Detect scheme on Redox // Detect scheme on Redox
@ -314,24 +316,21 @@ fn has_physical_root(s: &[u8], prefix: Option<Prefix<'_>>) -> bool {
// basic workhorse for splitting stem and extension // basic workhorse for splitting stem and extension
fn split_file_at_dot(file: &OsStr) -> (Option<&OsStr>, Option<&OsStr>) { fn split_file_at_dot(file: &OsStr) -> (Option<&OsStr>, Option<&OsStr>) {
unsafe { if os_str_as_u8_slice(file) == b".." {
if os_str_as_u8_slice(file) == b".." { return (Some(file), None);
return (Some(file), None); }
}
// The unsafety here stems from converting between &OsStr and &[u8] // The unsafety here stems from converting between &OsStr and &[u8]
// and back. This is safe to do because (1) we only look at ASCII // and back. This is safe to do because (1) we only look at ASCII
// contents of the encoding and (2) new &OsStr values are produced // contents of the encoding and (2) new &OsStr values are produced
// only from ASCII-bounded slices of existing &OsStr values. // only from ASCII-bounded slices of existing &OsStr values.
let mut iter = os_str_as_u8_slice(file).rsplitn(2, |b| *b == b'.');
let mut iter = os_str_as_u8_slice(file).rsplitn(2, |b| *b == b'.'); let after = iter.next();
let after = iter.next(); let before = iter.next();
let before = iter.next(); if before == Some(b"") {
if before == Some(b"") { (Some(file), None)
(Some(file), None) } else {
} else { unsafe { (before.map(|s| u8_slice_as_os_str(s)), after.map(|s| u8_slice_as_os_str(s))) }
(before.map(|s| u8_slice_as_os_str(s)), after.map(|s| u8_slice_as_os_str(s)))
}
} }
} }
@ -1702,7 +1701,7 @@ impl Path {
// The following (private!) function allows construction of a path from a u8 // The following (private!) function allows construction of a path from a u8
// slice, which is only safe when it is known to follow the OsStr encoding. // slice, which is only safe when it is known to follow the OsStr encoding.
unsafe fn from_u8_slice(s: &[u8]) -> &Path { unsafe fn from_u8_slice(s: &[u8]) -> &Path {
Path::new(u8_slice_as_os_str(s)) unsafe { Path::new(u8_slice_as_os_str(s)) }
} }
// The following (private!) function reveals the byte encoding used for OsStr. // The following (private!) function reveals the byte encoding used for OsStr.
fn as_u8_slice(&self) -> &[u8] { fn as_u8_slice(&self) -> &[u8] {
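Review bot: In `split_file_at_dot` the comment that justifies the `&[u8]` to `&OsStr` conversion now sits above the `rsplitn` line, while the only remaining `unsafe` block is the last expression of the `else` branch; it should move directly above that block and be marked `// SAFETY:` so the argument stays attached to the operation it covers. The new block in `from_u8_slice` carries no justification at all, and a line such as `// SAFETY: the caller guarantees that s follows the OsStr encoding` would tie it to the contract already described above the function. The `// SAFETY: see the comment of os_str_as_u8_slice` added in `u8_slice_as_os_str` points at text outside this hunk, which presumably covers only the layout cast; the requirement that the bytes are a valid OsStr encoding is the caller's obligation and is better stated in a `# Safety` section on the function itself. The block in `from_u8_slice` also wraps the safe `Path::new` call, so narrowing it to `u8_slice_as_os_str(s)` would keep the audited surface as small as the lint intends.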