Open lwz23 opened 1 week ago
ping?
Thanks for the report. I will have a look.
Thanks, please also take a look at https://github.com/astonbitecode/j4rs/issues/140, I think they are similar : )
Fixed the unwrap of `from_java_cesu8`, using `Result`.
Regarding the `CStr`: `to_rust_string` may indeed cause UB when it is used widely without any validation. However, this is not the case here, since validation is done implicitly. Actually there is no way to have an invalid pointer at this point.

E.g., one of the function usages is in `jni_utils::string_from_jobject`. You may see there a null pointer check for the passed `jobject` argument and further, this function is called by `to_rust_boxed` where additional checks are done. The input is always a Java String and this is guaranteed to be valid.

Did you maybe notice some code flow that may result in an invalid `CStr` pointer input?
You're right, I didn't notice `utils` was not a `pub` mod, I thought all users could call this function directly.

But since this is the case, wouldn't it be more appropriate to declare `to_rust_string` as `pub(crate)`? I'm not sure because I don't know much about the project.
The `utils` module is not exposed publicly, so, the functions are not accessible.
Description: The `to_rust_string` function uses `CStr::from_ptr` to convert a raw pointer (`*const c_char`) into a `CStr`. However, it does not validate that the pointer meets the necessary safety requirements. This can lead to Undefined Behavior (UB) if the pointer is invalid or if it does not point to a valid null-terminated C string. https://github.com/astonbitecode/j4rs/blob/68cdc1e362050bf04972f710a20dbf91aea12ce6/rust/src/utils.rs#L29

Problem Description:

Expected Behavior: The function should validate the input pointer and ensure it points to a valid, null-terminated C string. The function should handle invalid CESU-8 data gracefully instead of panicking.

Additional Notes: The current implementation assumes valid input, which makes the function unsafe. Adding proper validation will make it more robust and prevent potential crashes or undefined behavior. If performance is a concern, consider using assertions in debug builds but validating input in release builds.
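The two points this thread settles on, a null check before `CStr::from_ptr` and a `Result` instead of an `unwrap` on the CESU-8 decode, can be shown together in one hardened conversion routine. The block below is an added example, not j4rs code: the names `to_rust_string`, `from_java_cesu8` and `StringConvError` are chosen to mirror the discussion, and the decoder is a stand-alone implementation of Java's "modified UTF-8" (CESU-8 with NUL encoded as `C0 80`) rather than the `cesu8` crate the project uses. Note that no runtime check can prove that a non-null pointer is valid and NUL-terminated; that contract has to stay in the `unsafe fn` signature, which is why the callers the maintainer describes (a known Java `String` passed through the null-checked `string_from_jobject` path) are what actually make the call sound.

```rust
use std::ffi::{c_char, CStr};
use std::fmt;

/// Errors a caller can handle instead of panicking. (Added example type, not from j4rs.)
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StringConvError {
    /// The JNI layer handed us a null pointer.
    NullPointer,
    /// Malformed modified UTF-8; the payload is the byte offset of the bad sequence.
    InvalidCesu8(usize),
}

impl fmt::Display for StringConvError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            StringConvError::NullPointer => write!(f, "null C string pointer"),
            StringConvError::InvalidCesu8(off) => write!(f, "invalid CESU-8 at byte offset {off}"),
        }
    }
}

impl std::error::Error for StringConvError {}

/// Reads a UTF-8 continuation byte (10xxxxxx) at `idx`, reporting errors at `start`.
fn cont(bytes: &[u8], idx: usize, start: usize) -> Result<u32, StringConvError> {
    match bytes.get(idx) {
        Some(&b) if b & 0xC0 == 0x80 => Ok(u32::from(b & 0x3F)),
        _ => Err(StringConvError::InvalidCesu8(start)),
    }
}

/// Decodes one 3-byte sequence (1110xxxx 10xxxxxx 10xxxxxx) starting at `i`.
/// The result may be a UTF-16 surrogate half; the caller decides what to do with it.
fn three_byte(bytes: &[u8], i: usize, start: usize) -> Result<u32, StringConvError> {
    let b0 = *bytes.get(i).ok_or(StringConvError::InvalidCesu8(start))?;
    if b0 & 0xF0 != 0xE0 {
        return Err(StringConvError::InvalidCesu8(start));
    }
    let cp = (u32::from(b0 & 0x0F) << 12) | (cont(bytes, i + 1, start)? << 6) | cont(bytes, i + 2, start)?;
    if cp < 0x800 {
        return Err(StringConvError::InvalidCesu8(start)); // overlong encoding
    }
    Ok(cp)
}

/// Decodes Java modified UTF-8 (as produced by JNI `GetStringUTFChars`) into a Rust `String`.
/// Supplementary characters arrive as two 3-byte surrogate halves, never as 4-byte UTF-8,
/// and U+0000 arrives as `C0 80`. Anything else malformed is an error, not a panic.
pub fn from_java_cesu8(bytes: &[u8]) -> Result<String, StringConvError> {
    let mut out = String::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        let b0 = bytes[i];
        let err = StringConvError::InvalidCesu8(i);
        if b0 < 0x80 {
            out.push(char::from(b0));
            i += 1;
        } else if b0 & 0xE0 == 0xC0 {
            let cp = (u32::from(b0 & 0x1F) << 6) | cont(bytes, i + 1, i)?;
            if cp == 0 {
                out.push('\0'); // the one overlong form Java deliberately emits
            } else if cp < 0x80 {
                return Err(err); // any other overlong 2-byte form is rejected
            } else {
                out.push(char::from_u32(cp).ok_or(err)?);
            }
            i += 2;
        } else if b0 & 0xF0 == 0xE0 {
            let cp = three_byte(bytes, i, i)?;
            match cp {
                0xD800..=0xDBFF => {
                    // High surrogate: a low surrogate (3 more bytes) must follow immediately.
                    let low = three_byte(bytes, i + 3, i)?;
                    if !(0xDC00..=0xDFFF).contains(&low) {
                        return Err(err);
                    }
                    let scalar = 0x10000 + ((cp - 0xD800) << 10) + (low - 0xDC00);
                    out.push(char::from_u32(scalar).ok_or(err)?);
                    i += 6;
                }
                0xDC00..=0xDFFF => return Err(err), // lone low surrogate
                _ => {
                    out.push(char::from_u32(cp).ok_or(err)?);
                    i += 3;
                }
            }
        } else {
            // 4-byte lead bytes (F0..F7) and stray continuation bytes never occur in modified UTF-8.
            return Err(err);
        }
    }
    Ok(out)
}

/// Converts a C string pointer obtained from JNI into an owned Rust `String`.
///
/// # Safety
/// A null `ptr` is rejected at runtime. A non-null `ptr` must point to a NUL-terminated
/// buffer that stays alive for the duration of the call; that part cannot be checked here.
pub unsafe fn to_rust_string(ptr: *const c_char) -> Result<String, StringConvError> {
    if ptr.is_null() {
        return Err(StringConvError::NullPointer);
    }
    // SAFETY: non-null was checked above; NUL termination and liveness are the caller's contract.
    let bytes = unsafe { CStr::from_ptr(ptr) }.to_bytes();
    from_java_cesu8(bytes)
}
```

Because `from_java_cesu8` takes plain bytes, it can be fuzzed and unit-tested without any JNI environment, and the only `unsafe` left is the one call whose preconditions the caller already guarantees.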