Skip to content

Make convert_while_ascii unsafe#155305

Merged
rust-bors[bot] merged 1 commit intorust-lang:mainfrom
Zoxc:ub-issue-2
Apr 17, 2026
Merged

Make convert_while_ascii unsafe#155305
rust-bors[bot] merged 1 commit intorust-lang:mainfrom
Zoxc:ub-issue-2

Conversation

@Zoxc
Copy link
Copy Markdown
Contributor

@Zoxc Zoxc commented Apr 14, 2026

convert_while_ascii assumes convert only returns ASCII to ensure the output remains valid UTF-8. This adds that requirement as a safety precondition.

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Apr 14, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 14, 2026

r? @ibraheemdev

rustbot has assigned @ibraheemdev.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: libs
  • libs expanded to 7 candidates
  • Random selection from Mark-Simulacrum, ibraheemdev

@Bryntet
Copy link
Copy Markdown
Contributor

Bryntet commented Apr 14, 2026

Could you explain a bit more on how you could get UB by calling convert_while_ascii? This isn't too clear based on your PR description

@Bryntet
Copy link
Copy Markdown
Contributor

Bryntet commented Apr 14, 2026

also you should probably reroll, see #155303

@Zoxc
Copy link
Copy Markdown
Contributor Author

Zoxc commented Apr 14, 2026

Could you explain a bit more on how you could get UB by calling convert_while_ascii?

The output of convert is placed unchecked in the out vector which later is passed to String::from_utf8_unchecked.

teor2345
teor2345 reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@teor2345 teor2345 left a comment
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good to me!

View changes since this review

tgross35
tgross35 approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tgross35 tgross35 left a comment
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bors r+ rollup

View changes since this review

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors bot commented Apr 16, 2026

📌 Commit 99ed1b8 has been approved by tgross35

It is now in the queue for this repository.

@rust-bors rust-bors bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 16, 2026
@Zalathar Zalathar mentioned this pull request Apr 17, 2026
Merged
rust-bors bot pushed a commit that referenced this pull request Apr 17, 2026
@bors
Auto merge of #155416 - Zalathar:rollup-D1EWnrR, r=Zalathar
27dbdb5 
Rollup of 19 pull requests

Successful merges:

 - #141633 (Suggest to bind `self.x` to `x` when field `x` may be in format string)
 - #152980 (c-variadic: fix implementation on `avr`)
 - #154491 (Extend `core::char`'s documentation of casing issues (and fix a rustdoc bug))
 - #155318 (Use mutable pointers for Unix path buffers)
 - #155335 (Bump bootstrap to 1.96 beta)
 - #155354 (Remove AttributeSafety from BUILTIN_ATTRIBUTES)
 - #154970 (rustdoc: preserve `doc(cfg)` on locally re-exported type aliases)
 - #155095 (changed the information provided by (mut x) to mut x (Fix 155030))
 - #155305 (Make `convert_while_ascii` unsafe)
 - #155358 (ImproperCTypes: Move erasing_region_normalisation into helper function)
 - #155377 (tests/debuginfo/basic-stepping.rs: Remove FIXME related to ZSTs)
 - #155383 (Rearrange `rustc_ast_pretty`)
 - #155384 (triagebot: notify on diagnostic attribute changes)
 - #155386 (Use `box_new` diagnostic item for Box::new suggestions)
 - #155391 (Small refactor of `QueryJob::latch` method)
 - #155395 (Tweak how the "copy path" rustdoc button works to allow some accessibility tool to work with rustdoc)
 - #155396 (`as_ref_unchecked` docs link fix)
 - #155411 (compiletest: Remove the `//@ should-ice` directive)
 - #155413 (fix: typo in `std::fs::hard_link` documentation)
@rust-bors rust-bors bot merged commit 16b22a7 into rust-lang:main Apr 17, 2026
11 checks passed
rust-timer added a commit that referenced this pull request Apr 17, 2026
@rust-timer
Unrolled build for #155305
eb28f6b 
Rollup merge of #155305 - Zoxc:ub-issue-2, r=tgross35

Make `convert_while_ascii` unsafe

`convert_while_ascii` assumes `convert` only returns ASCII to ensure the output remains valid UTF-8. This adds that requirement as a safety precondition.
@Zoxc Zoxc deleted the ub-issue-2 branch April 17, 2026 17:49
github-actions bot pushed a commit to rust-lang/rustc-dev-guide that referenced this pull request Apr 20, 2026
@bors
Auto merge of #155416 - Zalathar:rollup-D1EWnrR, r=Zalathar
b0abb4d 
Rollup of 19 pull requests

Successful merges:

 - rust-lang/rust#141633 (Suggest to bind `self.x` to `x` when field `x` may be in format string)
 - rust-lang/rust#152980 (c-variadic: fix implementation on `avr`)
 - rust-lang/rust#154491 (Extend `core::char`'s documentation of casing issues (and fix a rustdoc bug))
 - rust-lang/rust#155318 (Use mutable pointers for Unix path buffers)
 - rust-lang/rust#155335 (Bump bootstrap to 1.96 beta)
 - rust-lang/rust#155354 (Remove AttributeSafety from BUILTIN_ATTRIBUTES)
 - rust-lang/rust#154970 (rustdoc: preserve `doc(cfg)` on locally re-exported type aliases)
 - rust-lang/rust#155095 (changed the information provided by (mut x) to mut x (Fix 155030))
 - rust-lang/rust#155305 (Make `convert_while_ascii` unsafe)
 - rust-lang/rust#155358 (ImproperCTypes: Move erasing_region_normalisation into helper function)
 - rust-lang/rust#155377 (tests/debuginfo/basic-stepping.rs: Remove FIXME related to ZSTs)
 - rust-lang/rust#155383 (Rearrange `rustc_ast_pretty`)
 - rust-lang/rust#155384 (triagebot: notify on diagnostic attribute changes)
 - rust-lang/rust#155386 (Use `box_new` diagnostic item for Box::new suggestions)
 - rust-lang/rust#155391 (Small refactor of `QueryJob::latch` method)
 - rust-lang/rust#155395 (Tweak how the "copy path" rustdoc button works to allow some accessibility tool to work with rustdoc)
 - rust-lang/rust#155396 (`as_ref_unchecked` docs link fix)
 - rust-lang/rust#155411 (compiletest: Remove the `//@ should-ice` directive)
 - rust-lang/rust#155413 (fix: typo in `std::fs::hard_link` documentation)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tgross35 tgross35 tgross35 approved these changes

+1 more reviewer

@teor2345 teor2345 teor2345 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ibraheemdev ibraheemdev

Labels

S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Zoxc @rustbot @Bryntet @teor2345 @tgross35 @ibraheemdev