std: maintain CStringArray null-termination even if Vec::push panics #155774

Open
joboet wants to merge 1 commit into rust-lang:main from joboet:cstring_array_null

@joboet (Member) commented Apr 25, 2026

Fixes #155748 by performing the push of the new null terminator before overwriting the previous one.

@rustbot added the labels S-waiting-on-review (Status: Awaiting review from the assignee but also interested parties.) and T-libs (Relevant to the library team, which will review and decide on the PR/issue.) on Apr 25, 2026

@rustbot (Collaborator) commented Apr 25, 2026

r? @jhpratt

rustbot has assigned @jhpratt.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ChrisDenton, libs
  • @ChrisDenton, libs expanded to 7 candidates
  • Random selection from Mark-Simulacrum, jhpratt

@@ -35,10 +35,12 @@
/// Push an additional string to the array.
pub fn push(&mut self, item: CString) {
let argc = self.ptrs.len() - 1;
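
Review bot: the doc comment on `push` says nothing about the null-termination invariant that `let argc = self.ptrs.len() - 1;` depends on. A short comment stating that `ptrs` always ends with a null pointer, and that the new terminator has to be pushed before the old one is overwritten, would document the non-empty assumption and keep a later refactor from reordering the two steps.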
@asder8215 (Contributor) commented Apr 25, 2026

Out of curiosity, is it possible for self.ptrs.len() to be 0/should we be worried about underflow here?

@joboet (Member, Author)

No, since there is always at least one element (the null terminator) in the array.

/// Creates a new `CStringArray` with enough capacity to hold `capacity`
/// strings.
pub fn with_capacity(capacity: usize) -> Self {
let mut result = CStringArray { ptrs: Vec::with_capacity(capacity + 1) };
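
Review bot: `capacity + 1` in `Vec::with_capacity(capacity + 1)` is an unchecked addition on the caller-supplied `capacity`. `capacity.saturating_add(1)` would settle the `usize::MAX` case in the code itself, or the doc comment could state why one extra slot is reserved.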
@asder8215 (Contributor) commented Apr 25, 2026

Never mind, I see it right here. Okay cool, our CStringArray will always have something in ptrs when creating it.

However, this does make me wonder if we should be worried about if capacity = usize::MAX here.

@joboet (Member, Author)

We don't, all uses are inside std and cannot overflow. And even if this did overflow that wouldn't be a problem since nothing depends on this capacity.

Successfully merging this pull request may close these issues.

Memory unsafety at libc/kernel boundary via argv overread in unix impl of std::process::Command
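
The ordering from the PR description, as an added example that is not code from the PR or from std: a hypothetical `ArgvModel` type stands in for `CStringArray`, and the `append` function parameter stands in for `Vec::push` so that a panic can be injected. It compares pushing the new terminator first with overwriting the old terminator first, and checks whether the array is still null-terminated after the failed push.

```rust
use std::ffi::{c_char, CString};
use std::panic::{catch_unwind, AssertUnwindSafe};

type Ptrs = Vec<*const c_char>; // `append: fn(&mut Ptrs)` below stands in for Vec::push
/// Hypothetical model of a NULL-terminated argv array (not std's CStringArray).
struct ArgvModel { ptrs: Ptrs }

impl ArgvModel {
    fn new() -> Self { ArgvModel { ptrs: vec![std::ptr::null()] } }
    /// Ordering from the PR description: append the new terminator, then overwrite the old one.
    fn push_terminator_first(&mut self, item: CString, append: fn(&mut Ptrs)) {
        let argc = self.ptrs.len() - 1;
        append(&mut self.ptrs); // may panic: the array is still untouched
        self.ptrs[argc] = item.into_raw(); // in bounds, cannot panic
    }
    /// Opposite ordering: the terminator is already gone when `append` runs.
    fn push_overwrite_first(&mut self, item: CString, append: fn(&mut Ptrs)) {
        let argc = self.ptrs.len() - 1;
        self.ptrs[argc] = item.into_raw();
        append(&mut self.ptrs); // a panic here leaves no trailing NULL
    }
    fn is_null_terminated(&self) -> bool { self.ptrs.last().map_or(false, |p| p.is_null()) }
}

impl Drop for ArgvModel {
    fn drop(&mut self) {
        for &p in self.ptrs.iter().filter(|p| !p.is_null()) {
            drop(unsafe { CString::from_raw(p as *mut c_char) }); // reclaim into_raw()
        }
    }
}

fn ok_append(v: &mut Ptrs) { v.push(std::ptr::null()); }
fn failing_append(_: &mut Ptrs) { panic!("simulated failure inside Vec::push"); }
/// Is the array still NULL-terminated after a push whose append step panicked?
fn terminated_after_failed_push(terminator_first: bool) -> bool {
    let mut a = ArgvModel::new();
    a.push_terminator_first(CString::new("ls").unwrap(), ok_append);
    let item = CString::new("-l").unwrap(); // constructed sample argument
    let _ = catch_unwind(AssertUnwindSafe(|| match terminator_first {
        true => a.push_terminator_first(item, failing_append),
        false => a.push_overwrite_first(item, failing_append),
    }));
    a.is_null_terminated()
}

fn main() {
    println!("{} {}", terminated_after_failed_push(true), terminated_after_failed_push(false));
}
```

With the overwrite-first ordering, a caller that catches the panic and later hands the array to a consumer expecting a trailing NULL would let that consumer read past the end of the buffer.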
