From 57eed53041b9485d7c30d5601d3aacd266bd7819 Mon Sep 17 00:00:00 2001
From: Steve Klabnik
Date: Thu, 2 Jul 2015 13:00:58 -0400
Subject: [PATCH] Add more description for from_raw_parts's unsafety

Fixes #26737.
---
 src/libcollections/string.rs | 9 +++++++--
 src/libcollections/vec.rs | 12 +++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/libcollections/string.rs b/src/libcollections/string.rs
index 6e37a5731b384..6b20d6e2a3f9b 100644
--- a/src/libcollections/string.rs
+++ b/src/libcollections/string.rs
@@ -317,9 +317,14 @@ impl String {

 /// Creates a new `String` from a length, capacity, and pointer.
 ///
- /// This is unsafe because:
+ /// # Unsafety
 ///
- /// * We call `Vec::from_raw_parts` to get a `Vec`;
+ /// This is _very_ unsafe because:
+ ///
+ /// * We call `Vec::from_raw_parts` to get a `Vec`. Therefore, this
+ /// function inherits all of its unsafety, see [its
+ /// documentation](../vec/struct.Vec.html#method.from_raw_parts)
+ /// for the invariants it expects, they also apply to this function.
 /// * We assume that the `Vec` contains valid UTF-8.
 #[inline]
 #[stable(feature = "rust1", since = "1.0.0")]
diff --git a/src/libcollections/vec.rs b/src/libcollections/vec.rs
index 4ea26509fd9e8..5b326b1a5b0ac 100644
--- a/src/libcollections/vec.rs
+++ b/src/libcollections/vec.rs
@@ -227,7 +227,17 @@ impl Vec {

 /// Creates a `Vec` directly from the raw components of another vector.
 ///
+ /// # Unsafety
+ ///
- /// This is highly unsafe, due to the number of invariants that aren't checked.
+ /// This is highly unsafe, due to the number of invariants that aren't
+ /// checked:
+ ///
+ /// * `ptr` needs to have been previously allocated via `String`/`Vec`
+ /// (at least, it's highly likely to be incorrect if it wasn't).
+ /// * `capacity` needs to be the capacity that the pointer was allocated with.
+ ///
+ /// Violating these may cause problems like corrupting the allocator's
+ /// internal datastructures.
 ///
 /// # Examples
 ///
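Review bot: In the `String::from_raw_parts` docs (src/libcollections/string.rs), the UTF-8 bullet under the new `# Unsafety` heading still describes what the implementation assumes, not what the caller must guarantee. Since nothing in the visible text says the bytes are validated, I would state it as a requirement, for example `/// * The contents up to the given length must be valid UTF-8.`. The added sentence also runs three clauses together with commas; ending it after "inherits all of its unsafety" and starting a new sentence with "See [its documentation](../vec/struct.Vec.html#method.from_raw_parts) for the invariants it expects; they also apply to this function." reads more clearly. The function signature and body are outside the hunk, so this is based on the doc text alone.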
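Review bot: The invariant list added to `Vec::from_raw_parts` (src/libcollections/vec.rs) covers `ptr` and `capacity` but omits the length argument and the element type, which the text gives no sign of being checked either. A length greater than the capacity, or one covering elements that were never initialized, leaves the resulting vector exposing memory that safe code will then read or drop. I would add bullets such as `/// * The length needs to be less than or equal to the capacity.` and `/// * The pointer needs to have been allocated for the same element type.`. The parenthetical "(at least, it's highly likely to be incorrect if it wasn't)" also softens what should read as a hard requirement on `ptr`. The signature is outside the hunk, so the parameter names should be checked against it before wording the bullets.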