std: maintain CStringArray null-termination even if Vec::push panics #155774

Merged
rust-bors[bot] merged 1 commit into rust-lang:main from joboet:cstring_array_null
Apr 26, 2026

@joboet joboet commented Apr 25, 2026

Fixes #155748 by performing the push of the new null terminator before overwriting the previous one.
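
The ordering described in the PR description above, contrasted with the opposite order, as an added example that is not the PR's or std's code. `Argv`, `push_slot` and its `limit` are hypothetical stand-ins that simulate a panicking `Vec::push`, and the two arguments are constructed sample input.

```rust
use std::ffi::{c_char, CString};
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;

pub struct Argv { // hypothetical stand-in for a null-terminated argv array, not std's type
    ptrs: Vec<*const c_char>,
    limit: usize, // constructed knob: growing past `limit` slots panics
}
impl Argv {
    fn push_slot(&mut self, p: *const c_char) {
        assert!(self.ptrs.len() < self.limit, "simulated Vec::push panic");
        self.ptrs.push(p);
    }
    // Overwrite the old terminator first, then push the new one.
    pub fn push_overwrite_first(&mut self, item: CString) {
        let argc = self.ptrs.len() - 1;
        self.ptrs[argc] = item.into_raw();
        self.push_slot(ptr::null()); // a panic here leaves the array unterminated
    }
    // Push the new terminator first, then overwrite the previous one.
    pub fn push_terminator_first(&mut self, item: CString) {
        let argc = self.ptrs.len() - 1;
        self.push_slot(ptr::null()); // a panic here leaves the array unchanged
        self.ptrs[argc] = item.into_raw();
    }
    pub fn is_null_terminated(&self) -> bool { self.ptrs.last().is_some_and(|p| p.is_null()) }
}

impl Drop for Argv {
    fn drop(&mut self) {
        for &p in self.ptrs.iter().filter(|p| !p.is_null()) {
            drop(unsafe { CString::from_raw(p.cast_mut()) }); // reclaim `into_raw` strings
        }
    }
}

// Push two constructed arguments into an array with room for one, catching the panic.
pub fn terminated_after_panic(push: fn(&mut Argv, CString)) -> bool {
    let mut argv = Argv { ptrs: vec![ptr::null()], limit: 2 };
    for s in ["ls", "-l"] {
        let item = CString::new(s).unwrap();
        let _ = catch_unwind(AssertUnwindSafe(|| push(&mut argv, item)));
    }
    argv.is_null_terminated()
}

fn main() {
    println!("overwrite first: {}", terminated_after_panic(Argv::push_overwrite_first));
    println!("terminator first: {}", terminated_after_panic(Argv::push_terminator_first));
}
```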

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Apr 25, 2026

rustbot commented Apr 25, 2026

r? @jhpratt

rustbot has assigned @jhpratt.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ChrisDenton, libs
  • @ChrisDenton, libs expanded to 7 candidates
  • Random selection from Mark-Simulacrum, jhpratt

@@ -35,10 +35,12 @@
/// Push an additional string to the array.
pub fn push(&mut self, item: CString) {
let argc = self.ptrs.len() - 1;
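
Review bot: `let argc = self.ptrs.len() - 1;` at the top of `push` depends on `ptrs` never being empty, and nothing in the visible lines states that. A one-line comment above the subtraction naming the invariant it relies on, or a `debug_assert!(!self.ptrs.is_empty())`, would answer the underflow question in the code itself.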

@asder8215 asder8215 Apr 25, 2026

Out of curiosity, is it possible for self.ptrs.len() to be 0/should we be worried about underflow here?

Member Author

No, since there is always at least one element (the null terminator) in the array.

/// Creates a new `CStringArray` with enough capacity to hold `capacity`
/// strings.
pub fn with_capacity(capacity: usize) -> Self {
let mut result = CStringArray { ptrs: Vec::with_capacity(capacity + 1) };
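
Review bot: `Vec::with_capacity(capacity + 1)` in `with_capacity` adds 1 to a caller-supplied `usize` with no overflow handling in the visible lines. The doc comment could state the range of `capacity` that callers are expected to pass, or the addition could use `capacity.saturating_add(1)` so the result does not depend on whether overflow checks are enabled.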

@asder8215 asder8215 Apr 25, 2026

Never mind, I see it right here. Okay cool, our CStringArray will always have something in ptrs when creating it.

However, this does make me wonder if we should be worried about if capacity = usize::MAX here.

Member Author

We don't, all uses are inside std and cannot overflow. And even if this did overflow that wouldn't be a problem since nothing depends on this capacity.

jhpratt commented Apr 26, 2026

@bors r+ rollup

rust-bors Bot commented Apr 26, 2026

📌 Commit bab4983 has been approved by jhpratt

It is now in the queue for this repository.

@rust-bors rust-bors Bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 26, 2026
jhpratt added a commit to jhpratt/rust that referenced this pull request Apr 26, 2026
std: maintain `CStringArray` null-termination even if `Vec::push` panics

Fixes rust-lang#155748 by performing the `push` of the new null terminator before overwriting the previous one.
rust-bors Bot pushed a commit that referenced this pull request Apr 26, 2026
Rollup of 2 pull requests

Successful merges:

 - #155750 (Document that `ManuallyDrop`'s `Box` interaction has been fixed)
 - #155774 (std: maintain `CStringArray` null-termination even if `Vec::push` panics)

rust-bors Bot commented Apr 26, 2026

⌛ Testing commit bab4983 with merge fbaefca...

Workflow: https://github.com/rust-lang/rust/actions/runs/24952695616

rust-bors Bot pushed a commit that referenced this pull request Apr 26, 2026
std: maintain `CStringArray` null-termination even if `Vec::push` panics

Fixes #155748 by performing the `push` of the new null terminator before overwriting the previous one.
@JonathanBrouwer

@bors yield
Yielding to enclosing rollup

rust-bors Bot commented Apr 26, 2026

Auto build was cancelled. Cancelled workflows:

The next pull request likely to be tested is #155813.

rust-bors Bot pushed a commit that referenced this pull request Apr 26, 2026
…uwer

Rollup of 2 pull requests

Successful merges:

 - #155774 (std: maintain `CStringArray` null-termination even if `Vec::push` panics)
 - #155810 (Expand the initialism UCRT in rustc book)
@rust-bors rust-bors Bot merged commit e9607db into rust-lang:main Apr 26, 2026
11 of 12 checks passed
@rustbot rustbot added this to the 1.97.0 milestone Apr 26, 2026
rust-timer added a commit that referenced this pull request Apr 26, 2026
Rollup merge of #155774 - joboet:cstring_array_null, r=jhpratt

std: maintain `CStringArray` null-termination even if `Vec::push` panics

Fixes #155748 by performing the `push` of the new null terminator before overwriting the previous one.

Development

Successfully merging this pull request may close these issues.

Memory unsafety at libc/kernel boundary via argv overread in unix impl of std::process::Command
