Struct core::ffi::CStr

pub struct CStr { /* private fields */ }

Representation of a borrowed C string.

This type represents a borrowed reference to a nul-terminated array of bytes. It can be constructed safely from a &[u8] slice, or unsafely from a raw *const c_char. It can then be converted to a Rust &str by performing UTF-8 validation, or into an owned CString.

&CStr is to CString as &str is to String: the former in each pair are borrowed references; the latter are owned strings.

Note that this structure does not have a guaranteed layout (the repr(transparent) notwithstanding) and is not recommended to be placed in the signatures of FFI functions. Instead, safe wrappers of FFI functions may leverage the unsafe CStr::from_ptr constructor to provide a safe interface to other consumers.

Examples

Inspecting a foreign C string:

use std::ffi::CStr;
use std::os::raw::c_char;

extern "C" { fn my_string() -> *const c_char; }

unsafe {
    let slice = CStr::from_ptr(my_string());
    println!("string buffer size without nul terminator: {}", slice.to_bytes().len());
}

Passing a Rust-originating C string:

use std::ffi::{CString, CStr};
use std::os::raw::c_char;

fn work(data: &CStr) {
    extern "C" { fn work_with(data: *const c_char); }

    unsafe { work_with(data.as_ptr()) }
}

let s = CString::new("data data data data").expect("CString::new failed");
work(&s);

Converting a foreign C string into a Rust String:

use std::ffi::CStr;
use std::os::raw::c_char;

extern "C" { fn my_string() -> *const c_char; }

fn my_string_safe() -> String {
    let cstr = unsafe { CStr::from_ptr(my_string()) };
    // Get copy-on-write Cow<'_, str>, then guarantee a freshly-owned String allocation
    String::from_utf8_lossy(cstr.to_bytes()).to_string()
}

println!("string: {}", my_string_safe());

Implementations

impl CStr

pub unsafe fn from_ptr<'a>(ptr: *const c_char) -> &'a CStr

Wraps a raw C string with a safe C string wrapper.

This function will wrap the provided ptr with a CStr wrapper, which allows inspection and interoperation of non-owned C strings. The total size of the terminated buffer must be smaller than isize::MAX bytes in memory (a restriction from slice::from_raw_parts).

Safety

• The memory pointed to by ptr must contain a valid nul terminator at the end of the string.

• ptr must be valid for reads of bytes up to and including the nul terminator. This means in particular:

  • The entire memory range of this CStr must be contained within a single allocated object!
  • ptr must be non-null even for a zero-length cstr.

• The memory referenced by the returned CStr must not be mutated for the duration of lifetime 'a.

• The nul terminator must be within isize::MAX from ptr

Note: This operation is intended to be a 0-cost cast but it is currently implemented with an up-front calculation of the length of the string. This is not guaranteed to always be the case.

Caveat

The lifetime for the returned slice is inferred from its usage. To prevent accidental misuse, it’s suggested to tie the lifetime to whichever source lifetime is safe in the context, such as by providing a helper function taking the lifetime of a host value for the slice, or by explicit annotation.

Examples

use std::ffi::{c_char, CStr};

extern "C" {
    fn my_string() -> *const c_char;
}

unsafe {
    let slice = CStr::from_ptr(my_string());
    println!("string returned: {}", slice.to_str().unwrap());
}

#![feature(const_cstr_from_ptr)]

use std::ffi::{c_char, CStr};

const HELLO_PTR: *const c_char = {
    const BYTES: &[u8] = b"Hello, world!\0";
    BYTES.as_ptr().cast()
};
const HELLO: &CStr = unsafe { CStr::from_ptr(HELLO_PTR) };

pub const fn from_bytes_until_nul( bytes: &[u8] ) -> Result<&CStr, FromBytesUntilNulError>

Creates a C string wrapper from a byte slice with any number of nuls.

This method will create a CStr from any byte slice that contains at least one nul byte. Unlike with CStr::from_bytes_with_nul, the caller does not need to know where the nul byte is located.

If the first byte is a nul character, this method will return an empty CStr. If multiple nul characters are present, the CStr will end at the first one.

If the slice only has a single nul byte at the end, this method is equivalent to CStr::from_bytes_with_nul.

Examples

use std::ffi::CStr;

let mut buffer = [0u8; 16];
unsafe {
    // Here we might call an unsafe C function that writes a string
    // into the buffer.
    let buf_ptr = buffer.as_mut_ptr();
    buf_ptr.write_bytes(b'A', 8);
}
// Attempt to extract a C nul-terminated string from the buffer.
let c_str = CStr::from_bytes_until_nul(&buffer[..]).unwrap();
assert_eq!(c_str.to_str().unwrap(), "AAAAAAAA");

pub const fn from_bytes_with_nul( bytes: &[u8] ) -> Result<&Self, FromBytesWithNulError>

Creates a C string wrapper from a byte slice with exactly one nul terminator.

This function will cast the provided bytes to a CStr wrapper after ensuring that the byte slice is nul-terminated and does not contain any interior nul bytes.

If the nul byte may not be at the end, CStr::from_bytes_until_nul can be used instead.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"hello\0");
assert!(cstr.is_ok());

Creating a CStr without a trailing nul terminator is an error:

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"hello");
assert!(cstr.is_err());

Creating a CStr with an interior nul byte is an error:

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"he\0llo\0");
assert!(cstr.is_err());

pub const unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr

Unsafely creates a C string wrapper from a byte slice.

This function will cast the provided bytes to a CStr wrapper without performing any sanity checks.

Safety

The provided slice must be nul-terminated and not contain any interior nul bytes.

Examples

use std::ffi::{CStr, CString};

unsafe {
    let cstring = CString::new("hello").expect("CString::new failed");
    let cstr = CStr::from_bytes_with_nul_unchecked(cstring.to_bytes_with_nul());
    assert_eq!(cstr, &*cstring);
}

pub const fn as_ptr(&self) -> *const c_char

Returns the inner pointer to this C string.

The returned pointer will be valid for as long as self is, and points to a contiguous region of memory terminated with a 0 byte to represent the end of the string.

The type of the returned pointer is *const c_char, and whether it’s an alias for *const i8 or *const u8 is platform-specific.

WARNING

The returned pointer is read-only; writing to it (including passing it to C code that writes to it) causes undefined behavior.

It is your responsibility to make sure that the underlying memory is not freed too early. For example, the following code will cause undefined behavior when ptr is used inside the unsafe block:

use std::ffi::CString;

// Do not do this:
let ptr = CString::new("Hello").expect("CString::new failed").as_ptr();
unsafe {
    // `ptr` is dangling
    *ptr;
}

This happens because the pointer returned by as_ptr does not carry any lifetime information and the CString is deallocated immediately after the CString::new("Hello").expect("CString::new failed").as_ptr() expression is evaluated. To fix the problem, bind the CString to a local variable:

use std::ffi::CString;

let hello = CString::new("Hello").expect("CString::new failed");
let ptr = hello.as_ptr();
unsafe {
    // `ptr` is valid because `hello` is in scope
    *ptr;
}

This way, the lifetime of the CString in hello encompasses the lifetime of ptr and the unsafe block.

pub fn count_bytes(&self) -> usize

🔬This is a nightly-only experimental API. (cstr_count_bytes #114441)

Returns the length of self. Like C’s strlen, this does not include the nul terminator.

Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

#![feature(cstr_count_bytes)]

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").unwrap();
assert_eq!(cstr.count_bytes(), 3);

let cstr = CStr::from_bytes_with_nul(b"\0").unwrap();
assert_eq!(cstr.count_bytes(), 0);

pub const fn is_empty(&self) -> bool

Returns true if self.to_bytes() has a length of 0.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0")?;
assert!(!cstr.is_empty());

let empty_cstr = CStr::from_bytes_with_nul(b"\0")?;
assert!(empty_cstr.is_empty());

pub const fn to_bytes(&self) -> &[u8]

Converts this C string to a byte slice.

The returned slice will not contain the trailing nul terminator that this C string has.

Note: This method is currently implemented as a constant-time cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes(), b"foo");

pub const fn to_bytes_with_nul(&self) -> &[u8]

Converts this C string to a byte slice containing the trailing 0 byte.

This function is the equivalent of CStr::to_bytes except that it will retain the trailing nul terminator instead of chopping it off.

Note: This method is currently implemented as a 0-cost cast, but it is planned to alter its definition in the future to perform the length calculation whenever this method is called.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_bytes_with_nul(), b"foo\0");

pub const fn to_str(&self) -> Result<&str, Utf8Error>

Yields a &str slice if the CStr contains valid UTF-8.

If the contents of the CStr are valid UTF-8 data, this function will return the corresponding &str slice. Otherwise, it will return an error with details of where UTF-8 validation failed.

Examples

use std::ffi::CStr;

let cstr = CStr::from_bytes_with_nul(b"foo\0").expect("CStr::from_bytes_with_nul failed");
assert_eq!(cstr.to_str(), Ok("foo"));

Trait Implementations

impl AsRef<CStr> for CStr

fn as_ref(&self) -> &CStr

Converts this type into a shared reference of the (usually inferred) input type.

impl Debug for CStr

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for &CStr

fn default() -> Self

Returns the “default value” for a type.

impl Hash for CStr

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

impl Index<RangeFrom<usize>> for CStr

type Output = CStr

The returned type after indexing.

fn index(&self, index: RangeFrom<usize>) -> &CStr

Performs the indexing (container[index]) operation.

impl Ord for CStr

fn cmp(&self, other: &CStr) -> Ordering

This method returns an Ordering between self and other.

impl PartialEq for CStr

fn eq(&self, other: &CStr) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for CStr

fn partial_cmp(&self, other: &CStr) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl Eq for CStr