Clarify safety concern of io::Read::read
is only relevant in unsafe code
This commit is contained in:
parent
9a767b6b9e
commit
dd56f930cc
1 changed files with 4 additions and 3 deletions
|
@ -593,7 +593,8 @@ pub trait Read {
|
|||
/// This may happen for example because fewer bytes are actually available right now
|
||||
/// (e. g. being close to end-of-file) or because read() was interrupted by a signal.
|
||||
///
|
||||
/// As this trait is safe to implement, callers cannot rely on `n <= buf.len()` for safety.
|
||||
/// As this trait is safe to implement, callers in unsafe code cannot rely on
|
||||
/// `n <= buf.len()` for safety.
|
||||
/// Extra care needs to be taken when `unsafe` functions are used to access the read bytes.
|
||||
/// Callers have to ensure that no unchecked out-of-bounds accesses are possible even if
|
||||
/// `n > buf.len()`.
|
||||
|
@ -603,8 +604,8 @@ pub trait Read {
|
|||
/// contents of `buf` being true. It is recommended that *implementations*
|
||||
/// only write data to `buf` instead of reading its contents.
|
||||
///
|
||||
/// Correspondingly, however, *callers* of this method must not assume any guarantees
|
||||
/// about how the implementation uses `buf`. The trait is safe to implement,
|
||||
/// Correspondingly, however, *callers* of this method in unsafe code must not assume
|
||||
/// any guarantees about how the implementation uses `buf`. The trait is safe to implement,
|
||||
/// so it is possible that the code that's supposed to write to the buffer might also read
|
||||
/// from it. It is your responsibility to make sure that `buf` is initialized
|
||||
/// before calling `read`. Calling `read` with an uninitialized `buf` (of the kind one
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue