pub struct CStr { /* private fields */ }
Expand description
Representation of a borrowed C string.
This type represents a borrowed reference to a nul-terminated
array of bytes. It can be constructed safely from a &[u8]
slice, or unsafely from a raw *const c_char
. It can be expressed as a
literal in the form c"Hello world"
.
The CStr
can then be converted to a Rust &str
by performing
UTF-8 validation, or into an owned CString
.
&CStr
is to CString
as &str
is to String
: the former
in each pair are borrowed references; the latter are owned
strings.
Note that this structure does not have a guaranteed layout (the repr(transparent)
notwithstanding) and should not be placed in the signatures of FFI functions.
Instead, safe wrappers of FFI functions may leverage CStr::as_ptr
and the unsafe
CStr::from_ptr
constructor to provide a safe interface to other consumers.
§Examples
Inspecting a foreign C string:
use std::ffi::CStr;
use std::os::raw::c_char;
extern "C" { fn my_string() -> *const c_char; }
unsafe {
let slice = CStr::from_ptr(my_string());
println!("string buffer size without nul terminator: {}", slice.to_bytes().len());
}
Passing a Rust-originating C string:
use std::ffi::{CString, CStr};
use std::os::raw::c_char;
fn work(data: &CStr) {
extern "C" { fn work_with(data: *const c_char); }
unsafe { work_with(data.as_ptr()) }
}
let s = CString::new("data data data data").expect("CString::new failed");
work(&s);
Converting a foreign C string into a Rust String
:
use std::ffi::CStr;
use std::os::raw::c_char;
extern "C" { fn my_string() -> *const c_char; }
fn my_string_safe() -> String {
let cstr = unsafe { CStr::from_ptr(my_string()) };
// Get copy-on-write Cow<'_, str>, then guarantee a freshly-owned String allocation
String::from_utf8_lossy(cstr.to_bytes()).to_string()
}
println!("string: {}", my_string_safe());
Implementations§
Source§impl CStr
impl CStr
1.0.0 (const: 1.81.0) · Sourcepub const unsafe fn from_ptr<'a>(ptr: *const i8) -> &'a CStr
pub const unsafe fn from_ptr<'a>(ptr: *const i8) -> &'a CStr
Wraps a raw C string with a safe C string wrapper.
This function will wrap the provided ptr
with a CStr
wrapper, which
allows inspection and interoperation of non-owned C strings. The total
size of the terminated buffer must be smaller than isize::MAX
bytes
in memory (a restriction from slice::from_raw_parts
).
§Safety
-
The memory pointed to by
ptr
must contain a valid nul terminator at the end of the string. -
ptr
must be valid for reads of bytes up to and including the nul terminator. This means in particular:- The entire memory range of this
CStr
must be contained within a single allocated object! ptr
must be non-null even for a zero-length cstr.
- The entire memory range of this
-
The memory referenced by the returned
CStr
must not be mutated for the duration of lifetime'a
. -
The nul terminator must be within
isize::MAX
fromptr
Note: This operation is intended to be a 0-cost cast but it is currently implemented with an up-front calculation of the length of the string. This is not guaranteed to always be the case.
§Caveat
The lifetime for the returned slice is inferred from its usage. To prevent accidental misuse, it’s suggested to tie the lifetime to whichever source lifetime is safe in the context, such as by providing a helper function taking the lifetime of a host value for the slice, or by explicit annotation.
§Examples
use std::ffi::{c_char, CStr};
fn my_string() -> *const c_char {
c"hello".as_ptr()
}
unsafe {
let slice = CStr::from_ptr(my_string());
assert_eq!(slice.to_str().unwrap(), "hello");
}
use std::ffi::{c_char, CStr};
const HELLO_PTR: *const c_char = {
const BYTES: &[u8] = b"Hello, world!\0";
BYTES.as_ptr().cast()
};
const HELLO: &CStr = unsafe { CStr::from_ptr(HELLO_PTR) };
assert_eq!(c"Hello, world!", HELLO);
1.69.0 (const: 1.69.0) · Sourcepub const fn from_bytes_until_nul(
bytes: &[u8],
) -> Result<&CStr, FromBytesUntilNulError>
pub const fn from_bytes_until_nul( bytes: &[u8], ) -> Result<&CStr, FromBytesUntilNulError>
Creates a C string wrapper from a byte slice with any number of nuls.
This method will create a CStr
from any byte slice that contains at
least one nul byte. Unlike with CStr::from_bytes_with_nul
, the caller
does not need to know where the nul byte is located.
If the first byte is a nul character, this method will return an
empty CStr
. If multiple nul characters are present, the CStr
will
end at the first one.
If the slice only has a single nul byte at the end, this method is
equivalent to CStr::from_bytes_with_nul
.
§Examples
use std::ffi::CStr;
let mut buffer = [0u8; 16];
unsafe {
// Here we might call an unsafe C function that writes a string
// into the buffer.
let buf_ptr = buffer.as_mut_ptr();
buf_ptr.write_bytes(b'A', 8);
}
// Attempt to extract a C nul-terminated string from the buffer.
let c_str = CStr::from_bytes_until_nul(&buffer[..]).unwrap();
assert_eq!(c_str.to_str().unwrap(), "AAAAAAAA");
1.10.0 (const: 1.72.0) · Sourcepub const fn from_bytes_with_nul(
bytes: &[u8],
) -> Result<&CStr, FromBytesWithNulError>
pub const fn from_bytes_with_nul( bytes: &[u8], ) -> Result<&CStr, FromBytesWithNulError>
Creates a C string wrapper from a byte slice with exactly one nul terminator.
This function will cast the provided bytes
to a CStr
wrapper after ensuring that the byte slice is nul-terminated
and does not contain any interior nul bytes.
If the nul byte may not be at the end,
CStr::from_bytes_until_nul
can be used instead.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"hello\0");
assert!(cstr.is_ok());
Creating a CStr
without a trailing nul terminator is an error:
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"hello");
assert!(cstr.is_err());
Creating a CStr
with an interior nul byte is an error:
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"he\0llo\0");
assert!(cstr.is_err());
1.10.0 (const: 1.59.0) · Sourcepub const unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr
pub const unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr
Unsafely creates a C string wrapper from a byte slice.
This function will cast the provided bytes
to a CStr
wrapper without
performing any sanity checks.
§Safety
The provided slice must be nul-terminated and not contain any interior nul bytes.
§Examples
use std::ffi::{CStr, CString};
unsafe {
let cstring = CString::new("hello").expect("CString::new failed");
let cstr = CStr::from_bytes_with_nul_unchecked(cstring.to_bytes_with_nul());
assert_eq!(cstr, &*cstring);
}
1.0.0 (const: 1.32.0) · Sourcepub const fn as_ptr(&self) -> *const i8
pub const fn as_ptr(&self) -> *const i8
Returns the inner pointer to this C string.
The returned pointer will be valid for as long as self
is, and points
to a contiguous region of memory terminated with a 0 byte to represent
the end of the string.
The type of the returned pointer is
*const c_char
, and whether it’s
an alias for *const i8
or *const u8
is platform-specific.
WARNING
The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.
It is your responsibility to make sure that the underlying memory is not
freed too early. For example, the following code will cause undefined
behavior when ptr
is used inside the unsafe
block:
use std::ffi::CString;
// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
// `ptr` is dangling
*ptr;
}
This happens because the pointer returned by as_ptr
does not carry any
lifetime information and the CString
is deallocated immediately after
the CString::new("Hello").expect("CString::new failed").as_ptr()
expression is evaluated.
To fix the problem, bind the CString
to a local variable:
use std::ffi::CString;
let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
// `ptr` is valid because `hello` is in scope
*ptr;
}
This way, the lifetime of the CString
in hello
encompasses
the lifetime of ptr
and the unsafe
block.
1.79.0 (const: 1.81.0) · Sourcepub const fn count_bytes(&self) -> usize
pub const fn count_bytes(&self) -> usize
Returns the length of self
. Like C’s strlen
, this does not include the nul terminator.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").unwrap();
assert_eq!(cstr.count_bytes(), 3);
let cstr = CStr::from_bytes_with_nul(b"\0").unwrap();
assert_eq!(cstr.count_bytes(), 0);
1.71.0 (const: 1.71.0) · Sourcepub const fn is_empty(&self) -> bool
pub const fn is_empty(&self) -> bool
Returns true
if self.to_bytes()
has a length of 0.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0")?;
assert!(!cstr.is_empty());
let empty_cstr = CStr::from_bytes_with_nul(b"\0")?;
assert!(empty_cstr.is_empty());
assert!(c"".is_empty());
1.0.0 (const: 1.72.0) · Sourcepub const fn to_bytes(&self) -> &[u8]
pub const fn to_bytes(&self) -> &[u8]
Converts this C string to a byte slice.
The returned slice will not contain the trailing nul terminator that this C string has.
Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes(), b"foo");
1.0.0 (const: 1.72.0) · Sourcepub const fn to_bytes_with_nul(&self) -> &[u8]
pub const fn to_bytes_with_nul(&self) -> &[u8]
Converts this C string to a byte slice containing the trailing 0 byte.
This function is the equivalent of CStr::to_bytes
except that it
will retain the trailing nul terminator instead of chopping it off.
Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes_with_nul(), b"foo\0");
Sourcepub fn bytes(&self) -> Bytes<'_> ⓘ
🔬This is a nightly-only experimental API. (cstr_bytes
)
pub fn bytes(&self) -> Bytes<'_> ⓘ
cstr_bytes
)Iterates over the bytes in this C string.
The returned iterator will not contain the trailing nul terminator that this C string has.
§Examples
#![feature(cstr_bytes)]
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert!(cstr.bytes().eq(*b"foo"));
1.4.0 (const: 1.72.0) · Sourcepub const fn to_str(&self) -> Result<&str, Utf8Error>
pub const fn to_str(&self) -> Result<&str, Utf8Error>
Yields a &str
slice if the CStr
contains valid UTF-8.
If the contents of the CStr
are valid UTF-8 data, this
function will return the corresponding &str
slice. Otherwise,
it will return an error with details of where UTF-8 validation failed.
§Examples
use std::ffi::CStr;
let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_str(), Ok("foo"));