pub struct CString { /* private fields */ }
Expand description
A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the middle.
This type serves the purpose of being able to safely generate a C-compatible string from a Rust byte slice or vector. An instance of this type is a static guarantee that the underlying bytes contain no interior 0 bytes (“nul characters”) and that the final byte is 0 (“nul terminator”).
CString
is to &CStr
as String
is to &str
: the former
in each pair are owned strings; the latter are borrowed
references.
§Creating a CString
A CString
is created from either a byte slice or a byte vector,
or anything that implements Into<Vec<u8>>
(for
example, you can build a CString
straight out of a String
or
a &str
, since both implement that trait).
You can create a CString
from a literal with CString::from(c"Text")
.
The CString::new
method will actually check that the provided &[u8]
does not have 0 bytes in the middle, and return an error if it
finds one.
§Extracting a raw pointer to the whole C string
CString
implements an as_ptr
method through the Deref
trait. This method will give you a *const c_char
which you can
feed directly to extern functions that expect a nul-terminated
string, like C’s strdup()
. Notice that as_ptr
returns a
read-only pointer; if the C code writes to it, that causes
undefined behavior.
§Extracting a slice of the whole C string
Alternatively, you can obtain a &[u8]
slice from a
CString
with the CString::as_bytes
method. Slices produced in this
way do not contain the trailing nul terminator. This is useful
when you will be calling an extern function that takes a *const u8
argument which is not necessarily nul-terminated, plus another
argument with the length of the string — like C’s strndup()
.
You can of course get the slice’s length with its
len
method.
If you need a &[u8]
slice with the nul terminator, you
can use CString::as_bytes_with_nul
instead.
Once you have the kind of slice you need (with or without a nul
terminator), you can call the slice’s own
as_ptr
method to get a read-only raw pointer to pass to
extern functions. See the documentation for that function for a
discussion on ensuring the lifetime of the raw pointer.
§Examples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn my_printer(s: *const c_char);
}
// We are certain that our string doesn't have 0 bytes in the middle,
// so we can .expect()
let c_to_print = CString::new("Hello, world!").expect("CString::new failed");
unsafe {
my_printer(c_to_print.as_ptr());
}
§Safety
CString
is intended for working with traditional C-style strings
(a sequence of non-nul bytes terminated by a single nul byte); the
primary use case for these kinds of strings is interoperating with C-like
code. Often you will need to transfer ownership to/from that external
code. It is strongly recommended that you thoroughly read through the
documentation of CString
before use, as improper ownership management
of CString
instances can lead to invalid memory accesses, memory leaks,
and other memory errors.
Implementations§
source§impl CString
impl CString
1.0.0 · sourcepub fn new<T: Into<Vec<u8>>>(t: T) -> Result<CString, NulError>
pub fn new<T: Into<Vec<u8>>>(t: T) -> Result<CString, NulError>
Creates a new C-compatible string from a container of bytes.
This function will consume the provided data and use the underlying bytes to construct a new string, ensuring that there is a trailing 0 byte. This trailing 0 byte will be appended by this function; the provided data should not contain any 0 bytes in it.
§Examples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" { fn puts(s: *const c_char); }
let to_print = CString::new("Hello!").expect("CString::new failed");
unsafe {
puts(to_print.as_ptr());
}
§Errors
This function will return an error if the supplied bytes contain an
internal 0 byte. The NulError
returned will contain the bytes as well as
the position of the nul byte.
1.0.0 · sourcepub unsafe fn from_vec_unchecked(v: Vec<u8>) -> Self
pub unsafe fn from_vec_unchecked(v: Vec<u8>) -> Self
Creates a C-compatible string by consuming a byte vector, without checking for interior 0 bytes.
Trailing 0 byte will be appended by this function.
This method is equivalent to CString::new
except that no runtime
assertion is made that v
contains no 0 bytes, and it requires an
actual byte vector, not anything that can be converted to one with Into.
§Examples
1.4.0 · sourcepub unsafe fn from_raw(ptr: *mut c_char) -> CString
pub unsafe fn from_raw(ptr: *mut c_char) -> CString
Retakes ownership of a CString
that was transferred to C via
CString::into_raw
.
Additionally, the length of the string will be recalculated from the pointer.
§Safety
This should only ever be called with a pointer that was earlier
obtained by calling CString::into_raw
. Other usage (e.g., trying to take
ownership of a string that was allocated by foreign code) is likely to lead
to undefined behavior or allocator corruption.
It should be noted that the length isn’t just “recomputed,” but that
the recomputed length must match the original length from the
CString::into_raw
call. This means the CString::into_raw
/from_raw
methods should not be used when passing the string to C functions that can
modify the string’s length.
Note: If you need to borrow a string that was allocated by foreign code, use
CStr
. If you need to take ownership of a string that was allocated by foreign code, you will need to make your own provisions for freeing it appropriately, likely with the foreign code’s API to do that.
§Examples
Creates a CString
, pass ownership to an extern
function (via raw pointer), then retake
ownership with from_raw
:
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn some_extern_function(s: *mut c_char);
}
let c_string = CString::new("Hello!").expect("CString::new failed");
let raw = c_string.into_raw();
unsafe {
some_extern_function(raw);
let c_string = CString::from_raw(raw);
}
1.4.0 · sourcepub fn into_raw(self) -> *mut c_char
pub fn into_raw(self) -> *mut c_char
Consumes the CString
and transfers ownership of the string to a C caller.
The pointer which this function returns must be returned to Rust and reconstituted using
CString::from_raw
to be properly deallocated. Specifically, one
should not use the standard C free()
function to deallocate
this string.
Failure to call CString::from_raw
will lead to a memory leak.
The C side must not modify the length of the string (by writing a
nul byte somewhere inside the string or removing the final one) before
it makes it back into Rust using CString::from_raw
. See the safety section
in CString::from_raw
.
§Examples
use std::ffi::CString;
let c_string = CString::new("foo").expect("CString::new failed");
let ptr = c_string.into_raw();
unsafe {
assert_eq!(b'f', *ptr as u8);
assert_eq!(b'o', *ptr.add(1) as u8);
assert_eq!(b'o', *ptr.add(2) as u8);
assert_eq!(b'\0', *ptr.add(3) as u8);
// retake pointer to free memory
let _ = CString::from_raw(ptr);
}
1.7.0 · sourcepub fn into_string(self) -> Result<String, IntoStringError>
pub fn into_string(self) -> Result<String, IntoStringError>
Converts the CString
into a String
if it contains valid UTF-8 data.
On failure, ownership of the original CString
is returned.
§Examples
use std::ffi::CString;
let valid_utf8 = vec![b'f', b'o', b'o'];
let cstring = CString::new(valid_utf8).expect("CString::new failed");
assert_eq!(cstring.into_string().expect("into_string() call failed"), "foo");
let invalid_utf8 = vec![b'f', 0xff, b'o', b'o'];
let cstring = CString::new(invalid_utf8).expect("CString::new failed");
let err = cstring.into_string().err().expect("into_string().err() failed");
assert_eq!(err.utf8_error().valid_up_to(), 1);
1.7.0 · sourcepub fn into_bytes(self) -> Vec<u8>
pub fn into_bytes(self) -> Vec<u8>
Consumes the CString
and returns the underlying byte buffer.
The returned buffer does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes.
§Examples
1.7.0 · sourcepub fn into_bytes_with_nul(self) -> Vec<u8>
pub fn into_bytes_with_nul(self) -> Vec<u8>
Equivalent to CString::into_bytes()
except that the
returned vector includes the trailing nul terminator.
§Examples
1.0.0 · sourcepub fn as_bytes(&self) -> &[u8]
pub fn as_bytes(&self) -> &[u8]
Returns the contents of this CString
as a slice of bytes.
The returned slice does not contain the trailing nul
terminator, and it is guaranteed to not have any interior nul
bytes. If you need the nul terminator, use
CString::as_bytes_with_nul
instead.
§Examples
1.0.0 · sourcepub fn as_bytes_with_nul(&self) -> &[u8]
pub fn as_bytes_with_nul(&self) -> &[u8]
Equivalent to CString::as_bytes()
except that the
returned slice includes the trailing nul terminator.
§Examples
1.20.0 · sourcepub fn into_boxed_c_str(self) -> Box<CStr>
pub fn into_boxed_c_str(self) -> Box<CStr>
1.58.0 · sourcepub unsafe fn from_vec_with_nul_unchecked(v: Vec<u8>) -> Self
pub unsafe fn from_vec_with_nul_unchecked(v: Vec<u8>) -> Self
1.58.0 · sourcepub fn from_vec_with_nul(v: Vec<u8>) -> Result<Self, FromVecWithNulError>
pub fn from_vec_with_nul(v: Vec<u8>) -> Result<Self, FromVecWithNulError>
Attempts to converts a Vec<u8>
to a CString
.
Runtime checks are present to ensure there is only one nul byte in the
Vec
, its last element.
§Errors
If a nul byte is present and not the last element or no nul bytes is present, an error will be returned.
§Examples
A successful conversion will produce the same result as CString::new
when called without the ending nul byte.
use std::ffi::CString;
assert_eq!(
CString::from_vec_with_nul(b"abc\0".to_vec())
.expect("CString::from_vec_with_nul failed"),
CString::new(b"abc".to_vec()).expect("CString::new failed")
);
An incorrectly formatted Vec
will produce an error.
Methods from Deref<Target = CStr>§
1.4.0 · sourcepub fn to_string_lossy(&self) -> Cow<'_, str>
pub fn to_string_lossy(&self) -> Cow<'_, str>
Converts a CStr
into a Cow<str>
.
If the contents of the CStr
are valid UTF-8 data, this
function will return a Cow::Borrowed(&str)
with the corresponding &str
slice. Otherwise, it will
replace any invalid UTF-8 sequences with
U+FFFD REPLACEMENT CHARACTER
and return a
Cow::Owned(&str)
with the result.
§Examples
Calling to_string_lossy
on a CStr
containing valid UTF-8. The leading
c
on the string literal denotes a CStr
.
Calling to_string_lossy
on a CStr
containing invalid UTF-8:
1.0.0 · sourcepub fn as_ptr(&self) -> *const i8
pub fn as_ptr(&self) -> *const i8
Returns the inner pointer to this C string.
The returned pointer will be valid for as long as self
is, and points
to a contiguous region of memory terminated with a 0 byte to represent
the end of the string.
The type of the returned pointer is
*const c_char
, and whether it’s
an alias for *const i8
or *const u8
is platform-specific.
WARNING
The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.
It is your responsibility to make sure that the underlying memory is not
freed too early. For example, the following code will cause undefined
behavior when ptr
is used inside the unsafe
block:
use std::ffi::CString;
// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
// `ptr` is dangling
*ptr;
}
This happens because the pointer returned by as_ptr
does not carry any
lifetime information and the CString
is deallocated immediately after
the CString::new("Hello").expect("CString::new failed").as_ptr()
expression is evaluated.
To fix the problem, bind the CString
to a local variable:
use std::ffi::CString;
let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
// `ptr` is valid because `hello` is in scope
*ptr;
}
This way, the lifetime of the CString
in hello
encompasses
the lifetime of ptr
and the unsafe
block.
1.79.0 · sourcepub fn count_bytes(&self) -> usize
pub fn count_bytes(&self) -> usize
Returns the length of self
. Like C’s strlen
, this does not include the nul terminator.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
1.71.0 · sourcepub fn is_empty(&self) -> bool
pub fn is_empty(&self) -> bool
Returns true
if self.to_bytes()
has a length of 0.
§Examples
1.0.0 · sourcepub fn to_bytes(&self) -> &[u8]
pub fn to_bytes(&self) -> &[u8]
Converts this C string to a byte slice.
The returned slice will not contain the trailing nul terminator that this C string has.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
1.0.0 · sourcepub fn to_bytes_with_nul(&self) -> &[u8]
pub fn to_bytes_with_nul(&self) -> &[u8]
Converts this C string to a byte slice containing the trailing 0 byte.
This function is the equivalent of CStr::to_bytes
except that it
will retain the trailing nul terminator instead of chopping it off.
Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
sourcepub fn bytes(&self) -> Bytes<'_>
🔬This is a nightly-only experimental API. (cstr_bytes
#112115)
pub fn bytes(&self) -> Bytes<'_>
cstr_bytes
#112115)Iterates over the bytes in this C string.
The returned iterator will not contain the trailing nul terminator that this C string has.