String builder to_cstring is unsafe #4890
Comments
|
What do you mean unsafe? It returns the contents as a valid and safe cstring, granted you don't write new stuff to it afterwards. |
|
Not if the backing buffer is full right? |
|
Ok yes, if the buffer is full, and |
Feoramund
added a commit
to Feoramund/Odin
that referenced
this issue
Feb 27, 2025
`strings.to_cstring` previously would not check if the buffer could handle the extra null byte and could lead to segmentation violations when using the resulting string in an API expecting the terminator.
Feoramund
added a commit
to Feoramund/Odin
that referenced
this issue
Feb 27, 2025
`strings.to_cstring` previously would not check if the buffer could handle the extra null byte and could lead to segmentation violations when using the resulting string in an API expecting the terminator.
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
to_cstring in string builder is unsafe and there is no real indication that it is.
Expected Behavior
Ensures that string is always terminated or returns an error or panics.
Alternatively is renamed to, to_unsafe_cstring
Current Behavior
Worst case can provide unterminated string without the user knowing.
The text was updated successfully, but these errors were encountered: