Struct alloc::ffi::CString

pub struct CString { /* private fields */ }

A type representing an owned, C-compatible, nul-terminated string with no nul bytes in the middle.

This type serves the purpose of being able to safely generate a C-compatible string from a Rust byte slice or vector. An instance of this type is a static guarantee that the underlying bytes contain no interior 0 bytes (“nul characters”) and that the final byte is 0 (“nul terminator”).

CString is to &CStr as String is to &str: the former in each pair are owned strings; the latter are borrowed references.

Creating a CString

A CString is created from either a byte slice or a byte vector, or anything that implements Into<Vec<u8>> (for example, you can build a CString straight out of a String or a &str, since both implement that trait).

The CString::new method will actually check that the provided &[u8] does not have 0 bytes in the middle, and return an error if it finds one.

Extracting a raw pointer to the whole C string

CString implements an as_ptr method through the Deref trait. This method will give you a *const c_char which you can feed directly to extern functions that expect a nul-terminated string, like C’s strdup(). Notice that as_ptr returns a read-only pointer; if the C code writes to it, that causes undefined behavior.

Extracting a slice of the whole C string

Alternatively, you can obtain a &[u8] slice from a CString with the CString::as_bytes method. Slices produced in this way do not contain the trailing nul terminator. This is useful when you will be calling an extern function that takes a *const u8 argument which is not necessarily nul-terminated, plus another argument with the length of the string — like C’s strndup(). You can of course get the slice’s length with its len method.

If you need a &[u8] slice with the nul terminator, you can use CString::as_bytes_with_nul instead.

Once you have the kind of slice you need (with or without a nul terminator), you can call the slice’s own as_ptr method to get a read-only raw pointer to pass to extern functions. See the documentation for that function for a discussion on ensuring the lifetime of the raw pointer.

Examples

use std::ffi::CString;
use std::os::raw::c_char;

extern "C" {
    fn my_printer(s: *const c_char);
}

// We are certain that our string doesn't have 0 bytes in the middle,
// so we can .expect()
let c_to_print = CString::new("Hello, world!").expect("CString::new failed");
unsafe {
    my_printer(c_to_print.as_ptr());
}

Safety

CString is intended for working with traditional C-style strings (a sequence of non-nul bytes terminated by a single nul byte); the primary use case for these kinds of strings is interoperating with C-like code. Often you will need to transfer ownership to/from that external code. It is strongly recommended that you thoroughly read through the documentation of CString before use, as improper ownership management of CString instances can lead to invalid memory accesses, memory leaks, and other memory errors.

Implementations

impl CString

pub fn new<T: Into<Vec<u8>>>(t: T) -> Result<CString, NulError>

Creates a new C-compatible string from a container of bytes.

This function will consume the provided data and use the underlying bytes to construct a new string, ensuring that there is a trailing 0 byte. This trailing 0 byte will be appended by this function; the provided data should not contain any 0 bytes in it.

Examples

use std::ffi::CString;
use std::os::raw::c_char;

extern "C" { fn puts(s: *const c_char); }

let to_print = CString::new("Hello!").expect("CString::new failed");
unsafe {
    puts(to_print.as_ptr());
}

Errors

This function will return an error if the supplied bytes contain an internal 0 byte. The NulError returned will contain the bytes as well as the position of the nul byte.

pub unsafe fn from_vec_unchecked(v: Vec<u8>) -> Self

Creates a C-compatible string by consuming a byte vector, without checking for interior 0 bytes.

Trailing 0 byte will be appended by this function.

This method is equivalent to CString::new except that no runtime assertion is made that v contains no 0 bytes, and it requires an actual byte vector, not anything that can be converted to one with Into.

Examples

use std::ffi::CString;

let raw = b"foo".to_vec();
unsafe {
    let c_string = CString::from_vec_unchecked(raw);
}

pub unsafe fn from_raw(ptr: *mut c_char) -> CString

Retakes ownership of a CString that was transferred to C via CString::into_raw.

Additionally, the length of the string will be recalculated from the pointer.

Safety

This should only ever be called with a pointer that was earlier obtained by calling CString::into_raw. Other usage (e.g., trying to take ownership of a string that was allocated by foreign code) is likely to lead to undefined behavior or allocator corruption.

It should be noted that the length isn’t just “recomputed,” but that the recomputed length must match the original length from the CString::into_raw call. This means the CString::into_raw/from_raw methods should not be used when passing the string to C functions that can modify the string’s length.

Note: If you need to borrow a string that was allocated by foreign code, use CStr. If you need to take ownership of a string that was allocated by foreign code, you will need to make your own provisions for freeing it appropriately, likely with the foreign code’s API to do that.

Examples

Creates a CString, pass ownership to an extern function (via raw pointer), then retake ownership with from_raw:

use std::ffi::CString;
use std::os::raw::c_char;

extern "C" {
    fn some_extern_function(s: *mut c_char);
}

let c_string = CString::new("Hello!").expect("CString::new failed");
let raw = c_string.into_raw();
unsafe {
    some_extern_function(raw);
    let c_string = CString::from_raw(raw);
}

pub fn into_raw(self) -> *mut c_char

Consumes the CString and transfers ownership of the string to a C caller.

The pointer which this function returns must be returned to Rust and reconstituted using CString::from_raw to be properly deallocated. Specifically, one should not use the standard C free() function to deallocate this string.

Failure to call CString::from_raw will lead to a memory leak.

The C side must not modify the length of the string (by writing a nul byte somewhere inside the string or removing the final one) before it makes it back into Rust using CString::from_raw. See the safety section in CString::from_raw.

Examples

use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");

let ptr = c_string.into_raw();

unsafe {
    assert_eq!(b'f', *ptr as u8);
    assert_eq!(b'o', *ptr.add(1) as u8);
    assert_eq!(b'o', *ptr.add(2) as u8);
    assert_eq!(b'\0', *ptr.add(3) as u8);

    // retake pointer to free memory
    let _ = CString::from_raw(ptr);
}

pub fn into_string(self) -> Result<String, IntoStringError>

Converts the CString into a String if it contains valid UTF-8 data.

On failure, ownership of the original CString is returned.

Examples

use std::ffi::CString;

let valid_utf8 = vec![b'f', b'o', b'o'];
let cstring = CString::new(valid_utf8).expect("CString::new failed");
assert_eq!(cstring.into_string().expect("into_string() call failed"), "foo");

let invalid_utf8 = vec![b'f', 0xff, b'o', b'o'];
let cstring = CString::new(invalid_utf8).expect("CString::new failed");
let err = cstring.into_string().err().expect("into_string().err() failed");
assert_eq!(err.utf8_error().valid_up_to(), 1);

pub fn into_bytes(self) -> Vec<u8>

Consumes the CString and returns the underlying byte buffer.

The returned buffer does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes.

Examples

use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.into_bytes();
assert_eq!(bytes, vec![b'f', b'o', b'o']);

pub fn into_bytes_with_nul(self) -> Vec<u8>

Equivalent to CString::into_bytes() except that the returned vector includes the trailing nul terminator.

Examples

use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.into_bytes_with_nul();
assert_eq!(bytes, vec![b'f', b'o', b'o', b'\0']);

pub fn as_bytes(&self) -> &[u8]

Returns the contents of this CString as a slice of bytes.

The returned slice does not contain the trailing nul terminator, and it is guaranteed to not have any interior nul bytes. If you need the nul terminator, use CString::as_bytes_with_nul instead.

Examples

use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.as_bytes();
assert_eq!(bytes, &[b'f', b'o', b'o']);

pub fn as_bytes_with_nul(&self) -> &[u8]

Equivalent to CString::as_bytes() except that the returned slice includes the trailing nul terminator.

Examples

use std::ffi::CString;

let c_string = CString::new("foo").expect("CString::new failed");
let bytes = c_string.as_bytes_with_nul();
assert_eq!(bytes, &[b'f', b'o', b'o', b'\0']);

pub fn as_c_str(&self) -> &CStr

Extracts a CStr slice containing the entire string.

Examples

use std::ffi::{CString, CStr};

let c_string = CString::new(b"foo".to_vec()).expect("CString::new failed");
let cstr = c_string.as_c_str();
assert_eq!(cstr,
           CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed"));

pub fn into_boxed_c_str(self) -> Box<CStr>

Converts this CString into a boxed CStr.

Examples

use std::ffi::{CString, CStr};

let c_string = CString::new(b"foo".to_vec()).expect("CString::new failed");
let boxed = c_string.into_boxed_c_str();
assert_eq!(&*boxed,
           CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed"));

pub unsafe fn from_vec_with_nul_unchecked(v: Vec<u8>) -> Self

Converts a Vec<u8> to a CString without checking the invariants on the given Vec.

Safety

The given Vec must have one nul byte as its last element. This means it cannot be empty nor have any other nul byte anywhere else.

Example

use std::ffi::CString;
assert_eq!(
    unsafe { CString::from_vec_with_nul_unchecked(b"abc\0".to_vec()) },
    unsafe { CString::from_vec_unchecked(b"abc".to_vec()) }
);

pub fn from_vec_with_nul(v: Vec<u8>) -> Result<Self, FromVecWithNulError>

Attempts to converts a Vec<u8> to a CString.

Runtime checks are present to ensure there is only one nul byte in the Vec, its last element.

Errors

If a nul byte is present and not the last element or no nul bytes is present, an error will be returned.

Examples

A successful conversion will produce the same result as CString::new when called without the ending nul byte.

use std::ffi::CString;
assert_eq!(
    CString::from_vec_with_nul(b"abc\0".to_vec())
        .expect("CString::from_vec_with_nul failed"),
    CString::new(b"abc".to_vec()).expect("CString::new failed")
);

An incorrectly formatted Vec will produce an error.

use std::ffi::{CString, FromVecWithNulError};
// Interior nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"a\0bc".to_vec()).unwrap_err();
// No nul byte
let _: FromVecWithNulError = CString::from_vec_with_nul(b"abc".to_vec()).unwrap_err();

Methods from Deref<Target = CStr>

pub fn to_string_lossy(&self) -> Cow<'_, str>

Converts a CStr into a Cow<str>.

If the contents of the CStr are valid UTF-8 data, this function will return a Cow::Borrowed(&str) with the corresponding &str slice. Otherwise, it will replace any invalid UTF-8 sequences with U+FFFD REPLACEMENT CHARACTER and return a Cow::Owned(&str) with the result.

Examples

Calling to_string_lossy on a CStr containing valid UTF-8:

use std::borrow::Cow;
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"Hello World\0")
                 .expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_string_lossy(), Cow::Borrowed("Hello World"));

Calling to_string_lossy on a CStr containing invalid UTF-8:

use std::borrow::Cow;
use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"Hello \xF0\x90\x80World\0")
                 .expect("CStr::from_bytes_with_nul failed");
assert_eq!(
    cstr.to_string_lossy(),
    Cow::Owned(String::from("Hello �World")) as Cow<'_, str>
);

pub fn as_ptr(&self) -> *const i8

Returns the inner pointer to this C string.

The returned pointer will be valid for as long as self is, and points to a contiguous region of memory terminated with a 0 byte to represent the end of the string.

The type of the returned pointer is *const c_char, and whether it’s an alias for *const i8 or *const u8 is platform-specific.

WARNING

The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.

It is your responsibility to make sure that the underlying memory is not freed too early. For example, the following code will cause undefined behavior when ptr is used inside the unsafe block:

use std::ffi::CString;

// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
    // `ptr` is dangling
    *ptr;
}

This happens because the pointer returned by as_ptr does not carry any lifetime information and the CString is deallocated immediately after the CString::new("Hello").expect("CString::new failed").as_ptr() expression is evaluated. To fix the problem, bind the CString to a local variable:

use std::ffi::CString;

let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
    // `ptr` is valid because `hello` is in scope
    *ptr;
}

This way, the lifetime of the CString in hello encompasses the lifetime of ptr and the unsafe block.

pub fn count_bytes(&self) -> usize

🔬This is a nightly-only experimental API. (cstr_count_bytes #114441)

Returns the length of self. Like C’s strlen, this does not include the nul terminator.

Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

#![feature(cstr_count_bytes)]

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").unwrap();
assert_eq!(cstr.count_bytes(), 3);

let cstr = CStr::from_bytes_with_nul(b"\0").unwrap();
assert_eq!(cstr.count_bytes(), 0);

pub fn is_empty(&self) -> bool

Returns true if self.to_bytes() has a length of 0.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0")?;
assert!(!cstr.is_empty());

let empty_cstr = CStr::from_bytes_with_nul(b"\0")?;
assert!(empty_cstr.is_empty());

pub fn to_bytes(&self) -> &[u8]

Converts this C string to a byte slice.

The returned slice will not contain the trailing nul terminator that this C string has.

Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes(), b"foo");

pub fn to_bytes_with_nul(&self) -> &[u8]

Converts this C string to a byte slice containing the trailing 0 byte.

This function is the equivalent of CStr::to_bytes except that it will retain the trailing nul terminator instead of chopping it off.

Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes_with_nul(), b"foo\0");

pub fn to_str(&self) -> Result<&str, Utf8Error>

Yields a &str slice if the CStr contains valid UTF-8.

If the contents of the CStr are valid UTF-8 data, this function will return the corresponding &str slice. Otherwise, it will return an error with details of where UTF-8 validation failed.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_str(), Ok("foo"));

Trait Implementations

impl AsRef<CStr> for CString

fn as_ref(&self) -> &CStr

Converts this type into a shared reference of the (usually inferred) input type.

impl Borrow<CStr> for CString

fn borrow(&self) -> &CStr

Immutably borrows from an owned value.

impl Clone for CString

fn clone(&self) -> CString

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CString

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for CString

fn default() -> CString

Creates an empty CString.

impl Deref for CString

type Target = CStr

The resulting type after dereferencing.

fn deref(&self) -> &CStr

Dereferences the value.

impl Drop for CString

fn drop(&mut self)

Executes the destructor for this type.

impl From<&CStr> for CString

fn from(s: &CStr) -> CString

Converts to this type from the input type.

impl<'a> From<&'a CString> for Cow<'a, CStr>

fn from(s: &'a CString) -> Cow<'a, CStr>

Converts a &CString into a borrowed Cow without copying or allocating.

impl From<Box<CStr>> for CString

fn from(s: Box<CStr>) -> CString

Converts a Box<CStr> into a CString without copying or allocating.

impl From<CString> for Arc<CStr>

fn from(s: CString) -> Arc<CStr>

Converts a CString into an Arc<CStr> by moving the CString data into a new Arc buffer.

impl From<CString> for Box<CStr>

fn from(s: CString) -> Box<CStr>

Converts a CString into a Box<CStr> without copying or allocating.

impl<'a> From<CString> for Cow<'a, CStr>

fn from(s: CString) -> Cow<'a, CStr>

Converts a CString into an owned Cow without copying or allocating.

impl From<CString> for Rc<CStr>

fn from(s: CString) -> Rc<CStr>

Converts a CString into an Rc<CStr> by moving the CString data into a new Rc buffer.

impl From<CString> for Vec<u8>

fn from(s: CString) -> Vec<u8>

Converts a CString into a Vec<u8>.

The conversion consumes the CString, and removes the terminating NUL byte.

impl<'a> From<Cow<'a, CStr>> for CString

fn from(s: Cow<'a, CStr>) -> Self

Converts a Cow<'a, CStr> into a CString, by copying the contents if they are borrowed.

impl From<Vec<NonZero<u8>>> for CString

fn from(v: Vec<NonZeroU8>) -> CString

Converts a Vec<NonZeroU8> into a CString without copying nor checking for inner nul bytes.

impl Hash for CString

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Index<RangeFull> for CString

type Output = CStr

The returned type after indexing.

fn index(&self, _index: RangeFull) -> &CStr

Performs the indexing (container[index]) operation.

impl Ord for CString

fn cmp(&self, other: &CString) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized + PartialOrd,

Restrict a value to a certain interval.

impl PartialEq for CString

fn eq(&self, other: &CString) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for CString

fn partial_cmp(&self, other: &CString) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl Eq for CString

impl StructuralPartialEq for CString