pub struct CString { /* private fields */ }
c_str_module
#112134)Expand description
A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the middle.
This type serves the purpose of being able to safely generate a C-compatible string from a Rust byte slice or vector. An instance of this type is a static guarantee that the underlying bytes contain no interior 0 bytes (โnul charactersโ) and that the final byte is 0 (โnul terminatorโ).
CString
is to &CStr
as String
is to &str
: the former
in each pair are owned strings; the latter are borrowed
references.
ยงCreating a CString
A CString
is created from either a byte slice or a byte vector,
or anything that implements Into<Vec<u8>>
(for
example, you can build a CString
straight out of a String
or
a &str
, since both implement that trait).
You can create a CString
from a literal with CString::from(c"Text")
.
The CString::new
method will actually check that the provided &[u8]
does not have 0 bytes in the middle, and return an error if it
finds one.
ยงExtracting a raw pointer to the whole C string
CString
implements an as_ptr
method through the Deref
trait. This method will give you a *const c_char
which you can
feed directly to extern functions that expect a nul-terminated
string, like Cโs strdup()
. Notice that as_ptr
returns a
read-only pointer; if the C code writes to it, that causes
undefined behavior.
ยงExtracting a slice of the whole C string
Alternatively, you can obtain a &[u8]
slice from a
CString
with the CString::as_bytes
method. Slices produced in this
way do not contain the trailing nul terminator. This is useful
when you will be calling an extern function that takes a *const u8
argument which is not necessarily nul-terminated, plus another
argument with the length of the string โ like Cโs strndup()
.
You can of course get the sliceโs length with its
len
method.
If you need a &[u8]
slice with the nul terminator, you
can use CString::as_bytes_with_nul
instead.
Once you have the kind of slice you need (with or without a nul
terminator), you can call the sliceโs own
as_ptr
method to get a read-only raw pointer to pass to
extern functions. See the documentation for that function for a
discussion on ensuring the lifetime of the raw pointer.
ยงExamples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn my_printer(s: *const c_char);
}
// We are certain that our string doesn't have 0 bytes in the middle,
// so we can .expect()
let c_to_print = CString::new("Hello, world!").expect("CString::new failed");
unsafe {
my_printer(c_to_print.as_ptr());
}
ยงSafety
CString
is intended for working with traditional C-style strings
(a sequence of non-nul bytes terminated by a single nul byte); the
primary use case for these kinds of strings is interoperating with C-like
code. Often you will need to transfer ownership to/from that external
code. It is strongly recommended that you thoroughly read through the
documentation of CString
before use, as improper ownership management
of CString
instances can lead to invalid memory accesses, memory leaks,
and other memory errors.
Implementationsยง
Sourceยงimpl CString
impl CString
1.0.0 ยท Sourcepub fn new<T>(t: T) -> Result<CString, NulError>
pub fn new<T>(t: T) -> Result<CString, NulError>
Creates a new C-compatible string from a container of bytes.
This function will consume the provided data and use the underlying bytes to construct a new string, ensuring that there is a trailing 0 byte. This trailing 0 byte will be appended by this function; the provided data should not contain any 0 bytes in it.
ยงExamples
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" { fn puts(s: *const c_char); }
let to_print = CString::new("Hello!").expect("CString::new failed");
unsafe {
puts(to_print.as_ptr());
}
ยงErrors
This function will return an error if the supplied bytes contain an
internal 0 byte. The NulError
returned will contain the bytes as well as
the position of the nul byte.
1.0.0 ยท Sourcepub unsafe fn from_vec_unchecked(v: Vec<u8>) -> CString
pub unsafe fn from_vec_unchecked(v: Vec<u8>) -> CString
Creates a C-compatible string by consuming a byte vector, without checking for interior 0 bytes.
Trailing 0 byte will be appended by this function.
This method is equivalent to CString::new
except that no runtime
assertion is made that v
contains no 0 bytes, and it requires an
actual byte vector, not anything that can be converted to one with Into.
ยงExamples
1.4.0 ยท Sourcepub unsafe fn from_raw(ptr: *mut i8) -> CString
pub unsafe fn from_raw(ptr: *mut i8) -> CString
Retakes ownership of a CString
that was transferred to C via
CString::into_raw
.
Additionally, the length of the string will be recalculated from the pointer.
ยงSafety
This should only ever be called with a pointer that was earlier
obtained by calling CString::into_raw
. Other usage (e.g., trying to take
ownership of a string that was allocated by foreign code) is likely to lead
to undefined behavior or allocator corruption.
It should be noted that the length isnโt just โrecomputed,โ but that
the recomputed length must match the original length from the
CString::into_raw
call. This means the CString::into_raw
/from_raw
methods should not be used when passing the string to C functions that can
modify the stringโs length.
Note: If you need to borrow a string that was allocated by foreign code, use
CStr
. If you need to take ownership of a string that was allocated by foreign code, you will need to make your own provisions for freeing it appropriately, likely with the foreign codeโs API to do that.
ยงExamples
Creates a CString
, pass ownership to an extern
function (via raw pointer), then retake
ownership with from_raw
:
use std::ffi::CString;
use std::os::raw::c_char;
extern "C" {
fn some_extern_function(s: *mut c_char);
}
let c_string = CString::new("Hello!").expect("CString::new failed");
let raw = c_string.into_raw();
unsafe {
some_extern_function(raw);
let c_string = CString::from_raw(raw);
}
1.4.0 ยท Sourcepub fn into_raw(self) -> *mut i8
pub fn into_raw(self) -> *mut i8
Consumes the CString
and transfers ownership of the string to a C caller.
The pointer which this function returns must be returned to Rust and reconstituted using
CString::from_raw
to be properly deallocated. Specifically, one
should not use the standard C free()
function to deallocate
this string.
Failure to call CString::from_raw
will lead to a memory leak.
The C side must not modify the length of the string (by writing a
nul byte somewhere inside the string or removing the final one) before
it makes it back into Rust using CString::from_raw
. See the safety section
in CString::from_raw
.
ยงExamples
use std::ffi::CString;
let c_string = CString::new("foo").expect("CString::new failed");
let ptr = c_string.into_raw();
unsafe {
assert_eq!(b'f', *ptr as u8);
assert_eq!(b'o', *ptr.add(1) as u8);
assert_eq!(b'o', *ptr.add(2) as u8);
assert_eq!(b'\0', *ptr.add(3) as u8);
// retake pointer to free memory
let _ = CString::from_raw(ptr);
}
1.7.0 ยท Sourcepub fn into_string(self) -> Result<String, IntoStringError>
pub fn into_string(self) -> Result<String, IntoStringError>
Converts the CString
into a String
if it contains valid UTF-8 data.
On failure, ownership of the original CString
is returned.
ยงExamples
use std::ffi::CString;
let valid_utf8 = vec![b'f', b'o', b'o'];
let cstring = CString::new(valid_utf8).expect("CString::new failed");
assert_eq!(cstring.into_string().expect("into_string() call failed"), "foo");
let invalid_utf8 = vec![b'f', 0xff, b'o', b'o'];
let cstring = CString::new(invalid_utf8).expect("CString::new failed");
let err = cstring.into_string().err().expect("into_string().err() failed");
assert_eq!(err.utf8_error().valid_up_to(), 1);
1.7.0 ยท Sourcepub fn into_bytes(self) -> Vec<u8> โ
pub fn into_bytes(self) -> Vec<u8> โ
Consumes the CString
and returns the underlying byte buffer.
The returned buffer does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes.
ยงExamples
1.7.0 ยท Sourcepub fn into_bytes_with_nul(self) -> Vec<u8> โ
pub fn into_bytes_with_nul(self) -> Vec<u8> โ
Equivalent to CString::into_bytes()
except that the
returned vector includes the trailing nul terminator.
ยงExamples
1.0.0 ยท Sourcepub fn as_bytes(&self) -> &[u8] โ
pub fn as_bytes(&self) -> &[u8] โ
Returns the contents of this CString
as a slice of bytes.
The returned slice does not contain the trailing nul
terminator, and it is guaranteed to not have any interior nul
bytes. If you need the nul terminator, use
CString::as_bytes_with_nul
instead.
ยงExamples
1.0.0 ยท Sourcepub fn as_bytes_with_nul(&self) -> &[u8] โ
pub fn as_bytes_with_nul(&self) -> &[u8] โ
Equivalent to CString::as_bytes()
except that the
returned slice includes the trailing nul terminator.
ยงExamples
1.20.0 ยท Sourcepub fn into_boxed_c_str(self) -> Box<CStr>
pub fn into_boxed_c_str(self) -> Box<CStr>
1.58.0 ยท Sourcepub unsafe fn from_vec_with_nul_unchecked(v: Vec<u8>) -> CString
pub unsafe fn from_vec_with_nul_unchecked(v: Vec<u8>) -> CString
1.58.0 ยท Sourcepub fn from_vec_with_nul(v: Vec<u8>) -> Result<CString, FromVecWithNulError>
pub fn from_vec_with_nul(v: Vec<u8>) -> Result<CString, FromVecWithNulError>
Attempts to converts a Vec<u8>
to a CString
.
Runtime checks are present to ensure there is only one nul byte in the
Vec
, its last element.
ยงErrors
If a nul byte is present and not the last element or no nul bytes is present, an error will be returned.
ยงExamples
A successful conversion will produce the same result as CString::new
when called without the ending nul byte.
use std::ffi::CString;
assert_eq!(
CString::from_vec_with_nul(b"abc\0".to_vec())
.expect("CString::from_vec_with_nul failed"),
CString::new(b"abc".to_vec()).expect("CString::new failed")
);
An incorrectly formatted Vec
will produce an error.
Methods from Deref<Target = CStr>ยง
1.0.0 ยท Sourcepub fn as_ptr(&self) -> *const i8
pub fn as_ptr(&self) -> *const i8
Returns the inner pointer to this C string.
The returned pointer will be valid for as long as self
is, and points
to a contiguous region of memory terminated with a 0 byte to represent
the end of the string.
The type of the returned pointer is
*const c_char
, and whether itโs
an alias for *const i8
or *const u8
is platform-specific.
WARNING
The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.
It is your responsibility to make sure that the underlying memory is not
freed too early. For example, the following code will cause undefined
behavior when ptr
is used inside the unsafe
block:
use std::ffi::CString;
// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
// `ptr` is dangling
*ptr;
}
This happens because the pointer returned by as_ptr
does not carry any
lifetime information and the CString
is deallocated immediately after
the CString::new("Hello").expect("CString::new failed").as_ptr()
expression is evaluated.
To fix the problem, bind the CString
to a local variable:
use std::ffi::CString;
let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
// `ptr` is valid because `hello` is in scope
*ptr;
}
This way, the lifetime of the CString
in hello
encompasses
the lifetime of ptr
and the unsafe
block.
1.79.0 ยท Sourcepub fn count_bytes(&self) -> usize
pub fn count_bytes(&self) -> usize
Returns the length of self
. Like Cโs strlen
, this does not include the nul terminator.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
ยงExamples
1.71.0 ยท Sourcepub fn is_empty(&self) -> bool
pub fn is_empty(&self) -> bool
Returns true
if self.to_bytes()
has a length of 0.
ยงExamples
1.0.0 ยท Sourcepub fn to_bytes(&self) -> &[u8] โ
pub fn to_bytes(&self) -> &[u8] โ
Converts this C string to a byte slice.
The returned slice will not contain the trailing nul terminator that this C string has.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
ยงExamples
1.0.0 ยท Sourcepub fn to_bytes_with_nul(&self) -> &[u8] โ
pub fn to_bytes_with_nul(&self) -> &[u8] โ
Converts this C string to a byte slice containing the trailing 0 byte.
This function is the equivalent of CStr::to_bytes
except that it
will retain the trailing nul terminator instead of chopping it off.
Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
ยงExamples
Sourcepub fn bytes(&self) -> Bytes<'_> โ
๐ฌThis is a nightly-only experimental API. (cstr_bytes
#112115)
pub fn bytes(&self) -> Bytes<'_> โ
cstr_bytes
#112115)Iterates over the bytes in this C string.
The returned iterator will not contain the trailing nul terminator that this C string has.
ยงExamples
1.4.0 ยท Sourcepub fn to_str(&self) -> Result<&str, Utf8Error>
pub fn to_str(&self) -> Result<&str, Utf8Error>
1.4.0 ยท Sourcepub fn to_string_lossy(&self) -> Cow<'_, str>
pub fn to_string_lossy(&self) -> Cow<'_, str>
Converts a CStr
into a Cow<str>
.
If the contents of the CStr
are valid UTF-8 data, this
function will return a Cow::Borrowed(&str)
with the corresponding &str
slice. Otherwise, it will
replace any invalid UTF-8 sequences with
U+FFFD REPLACEMENT CHARACTER
and return a
Cow::Owned(&str)
with the result.
ยงExamples
Calling to_string_lossy
on a CStr
containing valid UTF-8. The leading
c
on the string literal denotes a CStr
.
Calling to_string_lossy
on a CStr
containing invalid UTF-8: