Struct rustix::ffi::CString

1.64.0 · source ·
pub struct CString { /* private fields */ }
Expand description

A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the middle.

This type serves the purpose of being able to safely generate a C-compatible string from a Rust byte slice or vector. An instance of this type is a static guarantee that the underlying bytes contain no interior 0 bytes (“nul characters”) and that the final byte is 0 (“nul terminator”).

CString is to &CStr as String is to &str: the former in each pair are owned strings; the latter are borrowed references.

Creating a CString

A CString is created from either a byte slice or a byte vector, or anything that implements Into<Vec<u8>> (for example, you can build a CString straight out of a String or a &str, since both implement that trait).

The CString::new method will actually check that the provided &[u8] does not have 0 bytes in the middle, and return an error if it finds one.

Extracting a raw pointer to the whole C string

CString implements an as_ptr method through the Deref trait. This method will give you a *const c_char which you can feed directly to extern functions that expect a nul-terminated string, like C’s strdup(). Notice that as_ptr returns a read-only pointer; if the C code writes to it, that causes undefined behavior.

Extracting a slice of the whole C string

Alternatively, you can obtain a &[u8] slice from a CString with the CString::as_bytes method. Slices produced in this way do not contain the trailing nul terminator. This is useful when you will be calling an extern function that takes a *const u8 argument which is not necessarily nul-terminated, plus another argument with the length of the string — like C’s strndup(). You can of course get the slice’s length with its len method.

If you need a &[u8] slice with the nul terminator, you can use CString::as_bytes_with_nul instead.

Once you have the kind of slice you need (with or without a nul terminator), you can call the slice’s own as_ptr method to get a read-only raw pointer to pass to extern functions. See the documentation for that function for a discussion on ensuring the lifetime of the raw pointer.

Examples

use std::ffi::CString;
use std::os::raw::c_char;

extern "C" {
    fn my_printer(s: *const c_char);
}

// We are certain that our string doesn't have 0 bytes in the middle,
// so we can .expect()
let c_to_print = CString::new("Hello, world!").expect("CString::new failed");
unsafe {
    my_printer(c_to_print.as_ptr());
}

Safety

CString is intended for working with traditional C-style strings (a sequence of non-nul bytes terminated by a single nul byte); the primary use case for these kinds of strings is interoperating with C-like code. Often you will need to transfer ownership to/from that external code. It is strongly recommended that you thoroughly read through the documentation of CString before use, as improper ownership management of CString instances can lead to invalid memory accesses, memory leaks, and other memory errors.

Implementations§

Creates a new C-compatible string from a container of bytes.

This function will consume the provided data and use the underlying bytes to construct a new string, ensuring that there is a trailing 0 byte. This trailing 0 byte will be appended by this function; the provided data should not contain any 0 bytes in it.

Examples
use std::ffi::CString;
use std::os::raw::c_char;

extern "C" { fn puts(s: *const c_char); }

let to_print = CString::new("Hello!").expect("CString::new failed");
unsafe {
    puts(to_print.as_ptr());
}
Errors

This function will return an error if the supplied bytes contain an internal 0 byte. The NulError returned will contain the bytes as well as the position of the nul byte.

Creates a C-compatible string by consuming a byte vector, without checking for interior 0 bytes.

Trailing 0 byte will be appended by this function.

This method is equivalent to CString::new except that no runtime assertion is made that v contains no 0 bytes, and it requires an actual byte vector, not anything that can be converted to one with Into.

Examples
use std::ffi::CString;

let raw = b"foo".to_vec();
unsafe {
    let c_string = CString::from_vec_unchecked(raw);
}

Retakes ownership of a CString that was transferred to C via CString::into_raw.

Additionally, the length of the string will be recalculated from the pointer.

Safety

This should only ever be called with a pointer that was earlier obtained by calling CString::into_raw. Other usage (e.g., trying to take ownership of a string that was allocated by foreign code) is likely to lead to undefined behavior or allocator corruption.

It should be noted that the length isn’t just “recomputed,” but that the recomputed length must match the original length from the CString::into_raw call. This means the CString::into_raw/from_raw methods should not be used when passing the string to C functions that can modify the string’s length.

Note: If you need to borrow a string that was allocated by foreign code, use CStr. If you need to take ownership of a string that was allocated by foreign code, you will need to make your own provisions for freeing it appropriately, likely with the foreign code’s API to do that.

Examples

Creates a CString, pass ownership to an extern function (via raw pointer), then retake ownership with from_raw:

use std::ffi::CString;
use std::os::raw::c_char;

extern "C" {
    fn some_extern_function(s: *mut c_char);
}

let c_string = CString::new("Hello!").expect("CString::new failed");
let raw = c_string.into_raw();
unsafe {
    some_extern_function(raw);
    let c_string = CString::from_raw(raw);
}

Consumes the CString and transfers ownership of the string to a C caller.

The pointer which this function returns must be returned to Rust and reconstituted using CString::from_raw to be properly deallocated. Specifically, one should not use the standard C free() function to deallocate this string.

Failure to call CString::from_raw will lead to a memory leak.

The C side must not modify the length of the string (by writing a null somewhere inside the string or removing the final one) before it makes it back into Rust using CString::from_raw. See the safety section in CString::from_raw.

Examples
use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");

let ptr = c_string.into_raw();

unsafe {
    assert_eq!(b'f', *ptr as u8);
    assert_eq!(b'o', *ptr.add(1) as u8);
    assert_eq!(b'o', *ptr.add(2) as u8);
    assert_eq!(b'\0', *ptr.add(3) as u8);

    // retake pointer to free memory
    let _ = CString::from_raw(ptr);
}

Converts the CString into a String if it contains valid UTF-8 data.

On failure, ownership of the original CString is returned.

Examples
use std::ffi::CString;

let valid_utf8 = vec![b'f', b'o', b'o'];
let cstring = CString::new(valid_utf8).expect("CString::new failed");
assert_eq!(cstring.into_string().expect("into_string() call failed"), "foo");

let invalid_utf8 = vec![b'f', 0xff, b'o', b'o'];
let cstring = CString::new(invalid_utf8).expect("CString::new failed");
let err = cstring.into_string().err().expect("into_string().err() failed");
assert_eq!(err.utf8_error().valid_up_to(), 1);

Consumes the CString and returns the underlying byte buffer.

The returned buffer does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes.

Examples
use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.into_bytes();
assert_eq!(bytes, vec![b'f', b'o', b'o']);

Equivalent to CString::into_bytes() except that the returned vector includes the trailing nul terminator.

Examples
use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.into_bytes_with_nul();
assert_eq!(bytes, vec![b'f', b'o', b'o', b'\0']);

Returns the contents of this CString as a slice of bytes.

The returned slice does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes. If you need the nul terminator, use CString::as_bytes_with_nul instead.

Examples
use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.as_bytes();
assert_eq!(bytes, &[b'f', b'o', b'o']);

Equivalent to CString::as_bytes() except that the returned slice includes the trailing nul terminator.

Examples
use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.as_bytes_with_nul();
assert_eq!(bytes, &[b'f', b'o', b'o', b'\0']);

Extracts a CStr slice containing the entire string.

Examples
use std::ffi::{CString, CStr};

let c_string = CString::new(b"foo".to_vec()).expect("CString::new failed");
let cstr = c_string.as_c_str();
assert_eq!(cstr,
           CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed"));

Converts this CString into a boxed CStr.

Examples
use std::ffi::{CString, CStr};

let c_string = CString::new(b"foo".to_vec()).expect("CString::new failed");
let boxed = c_string.into_boxed_c_str();
assert_eq!(&*boxed,
           CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed"));

Converts a Vec<u8> to a CString without checking the invariants on the given Vec.

Safety

The given Vec must have one nul byte as its last element. This means it cannot be empty nor have any other nul byte anywhere else.

Example
use std::ffi::CString;
assert_eq!(
    unsafe { CString::from_vec_with_nul_unchecked(b"abc\0".to_vec()) },
    unsafe { CString::from_vec_unchecked(b"abc".to_vec()) }
);

Attempts to converts a Vec<u8> to a CString.

Runtime checks are present to ensure there is only one nul byte in the Vec, its last element.

Errors

If a nul byte is present and not the last element or no nul bytes is present, an error will be returned.

Examples

A successful conversion will produce the same result as CString::new when called without the ending nul byte.

use std::ffi::CString;
assert_eq!(
    CString::from_vec_with_nul(b"abc\0".to_vec())
        .expect("CString::from_vec_with_nul failed"),
    CString::new(b"abc".to_vec()).expect("CString::new failed")
);

An incorrectly formatted Vec will produce an error.

use std::ffi::{CString, FromVecWithNulError};
// Interior nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"a\0bc".to_vec()).unwrap_err();
// No nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"abc".to_vec()).unwrap_err();

Methods from Deref<Target = CStr>§

Returns the inner pointer to this C string.

The returned pointer will be valid for as long as self is, and points to a contiguous region of memory terminated with a 0 byte to represent the end of the string.

WARNING

The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.

It is your responsibility to make sure that the underlying memory is not freed too early. For example, the following code will cause undefined behavior when ptr is used inside the unsafe block:

use std::ffi::CString;

let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
    // `ptr` is dangling
    *ptr;
}

This happens because the pointer returned by as_ptr does not carry any lifetime information and the CString is deallocated immediately after the CString::new("Hello").expect("CString::new failed").as_ptr() expression is evaluated. To fix the problem, bind the CString to a local variable:

use std::ffi::CString;

let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
    // `ptr` is valid because `hello` is in scope
    *ptr;
}

This way, the lifetime of the CString in hello encompasses the lifetime of ptr and the unsafe block.

🔬This is a nightly-only experimental API. (cstr_is_empty)

Returns true if self.to_bytes() has a length of 0.

Examples
#![feature(cstr_is_empty)]

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0")?;
assert!(!cstr.is_empty());

let empty_cstr = CStr::from_bytes_with_nul(b"\0")?;
assert!(empty_cstr.is_empty());

Converts this C string to a byte slice.

The returned slice will not contain the trailing nul terminator that this C string has.

Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes(), b"foo");

Converts this C string to a byte slice containing the trailing 0 byte.

This function is the equivalent of CStr::to_bytes except that it will retain the trailing nul terminator instead of chopping it off.

Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes_with_nul(), b"foo\0");

Yields a &str slice if the CStr contains valid UTF-8.

If the contents of the CStr are valid UTF-8 data, this function will return the corresponding &str slice. Otherwise, it will return an error with details of where UTF-8 validation failed.

Examples
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_str(), Ok("foo"));

Converts a CStr into a Cow<str>.

If the contents of the CStr are valid UTF-8 data, this function will return a Cow::Borrowed(&str) with the corresponding &str slice. Otherwise, it will replace any invalid UTF-8 sequences with U+FFFD REPLACEMENT CHARACTER and return a Cow::Owned(&str) with the result.

Examples

Calling to_string_lossy on a CStr containing valid UTF-8:

use std::borrow::Cow;
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"Hello World\0")
                 .expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_string_lossy(), Cow::Borrowed("Hello World"));

Calling to_string_lossy on a CStr containing invalid UTF-8:

use std::borrow::Cow;
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"Hello \xF0\x90\x80World\0")
                 .expect("CStr::from_bytes_with_nul failed");
assert_eq!(
    cstr.to_string_lossy(),
    Cow::Owned(String::from("Hello �World")) as Cow<'_, str>
);

Trait Implementations§

Returns a view of this string as a string slice.
Returns a potentially-lossy rendering of this string as a Cow<'_, str>. Read more
Returns a view of this string as a maybe-owned CStr.
Consumes self and returns a view of this string as a maybe-owned CStr. Read more
Runs a closure with self passed in as a &CStr.
Returns a view of this string as a string slice.
Returns a potentially-lossy rendering of this string as a Cow<'_, str>. Read more
Returns a view of this string as a maybe-owned CStr.
Consumes self and returns a view of this string as a maybe-owned CStr. Read more
Runs a closure with self passed in as a &CStr.
Converts this type into a shared reference of the (usually inferred) input type.
Immutably borrows from an owned value. Read more
Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more

Creates an empty CString.

The resulting type after dereferencing.
Dereferences the value.
Executes the destructor for this type. Read more
Converts to this type from the input type.

Converts a Box<CStr> into a CString without copying or allocating.

Converts a Cow<'a, CStr> into a CString, by copying the contents if they are borrowed.

Converts a Vec<NonZeroU8> into a CString without copying nor checking for inner null bytes.

Feeds this value into the given Hasher. Read more
Feeds a slice of this type into the given Hasher. Read more
The returned type after indexing.
Performs the indexing (container[index]) operation. Read more
This method returns an Ordering between self and other. Read more
Compares and returns the maximum of two values. Read more
Compares and returns the minimum of two values. Read more
Restrict a value to a certain interval. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
This method returns an ordering between self and other values if one exists. Read more
This method tests less than (for self and other) and is used by the < operator. Read more
This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
This method tests greater than (for self and other) and is used by the > operator. Read more
This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.