Fix a portability problem in rosidl_runtime_rs::String (#219)

nnmm · web-flow · commit 81cb0f700e6a · 2022-07-08T11:45:41.000+02:00
Previously, it was assumed by the $string_conversion_func, for instance, that the output of deref() would be an unsigned integer.
diff --git a/rosidl_runtime_rs/src/string.rs b/rosidl_runtime_rs/src/string.rs
@@ -110,7 +110,7 @@ pub struct StringExceedsBoundsError {
 
 // There is a lot of redundancy between String and WString, which this macro aims to reduce.
 macro_rules! string_impl {
-    ($string:ty, $char_type:ty, $string_conversion_func:ident, $init:ident, $fini:ident, $assignn:ident, $sequence_init:ident, $sequence_fini:ident, $sequence_copy:ident) => {
+    ($string:ty, $char_type:ty, $unsigned_char_type:ty, $string_conversion_func:ident, $init:ident, $fini:ident, $assignn:ident, $sequence_init:ident, $sequence_fini:ident, $sequence_copy:ident) => {
         #[link(name = "rosidl_runtime_c")]
         extern "C" {
             fn $init(s: *mut $string) -> bool;
@@ -159,21 +159,26 @@ macro_rules! string_impl {
             fn deref(&self) -> &Self::Target {
                 // SAFETY: self.data points to self.size consecutive, initialized elements and
                 // isn't modified externally.
-                unsafe { std::slice::from_raw_parts(self.data as *const $char_type, self.size) }
+                unsafe { std::slice::from_raw_parts(self.data, self.size) }
             }
         }
 
         impl DerefMut for $string {
             fn deref_mut(&mut self) -> &mut Self::Target {
                 // SAFETY: self.data points to self.size consecutive, initialized elements and
                 // isn't modified externally.
-                unsafe { std::slice::from_raw_parts_mut(self.data as *mut $char_type, self.size) }
+                unsafe { std::slice::from_raw_parts_mut(self.data, self.size) }
             }
         }
 
         impl Display for $string {
             fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
-                let converted = std::string::String::$string_conversion_func(self.deref());
+                // SAFETY: Same as deref, but with an additional cast to the unsigned type.
+                // See also https://users.rust-lang.org/t/how-to-convert-i8-to-u8/16308/11
+                let u8_slice = unsafe {
+                    std::slice::from_raw_parts(self.data as *mut $unsigned_char_type, self.size)
+                };
+                let converted = std::string::String::$string_conversion_func(u8_slice);
                 Display::fmt(&converted, f)
             }
         }
@@ -238,6 +243,7 @@ macro_rules! string_impl {
 
 string_impl!(
     String,
+    libc::c_char,
     u8,
     from_utf8_lossy,
     rosidl_runtime_c__String__init,
@@ -250,6 +256,7 @@ string_impl!(
 string_impl!(
     WString,
     libc::c_ushort,
+    u16,
     from_utf16_lossy,
     rosidl_runtime_c__U16String__init,
     rosidl_runtime_c__U16String__fini,
@@ -321,7 +328,7 @@ impl<const N: usize> Debug for BoundedString<N> {
 }
 
 impl<const N: usize> Deref for BoundedString<N> {
-    type Target = [u8];
+    type Target = [libc::c_char];
     fn deref(&self) -> &Self::Target {
         self.inner.deref()
     }
diff --git a/rosidl_runtime_rs/src/string/serde.rs b/rosidl_runtime_rs/src/string/serde.rs
@@ -1,5 +1,4 @@
 use serde::{de::Error, Deserialize, Deserializer, Serialize, Serializer};
-use std::ops::Deref;
 
 use super::{BoundedString, BoundedWString, String, WString};
 
@@ -18,7 +17,9 @@ impl Serialize for String {
         S: Serializer,
     {
         // Not particularly efficient
-        let s = std::string::String::from_utf8_lossy(self.deref());
+        // SAFETY: See the Display implementation.
+        let u8_slice = unsafe { std::slice::from_raw_parts(self.data as *mut u8, self.size) };
+        let s = std::string::String::from_utf8_lossy(u8_slice);
         serializer.serialize_str(&s)
     }
 }
@@ -38,7 +39,9 @@ impl Serialize for WString {
         S: Serializer,
     {
         // Not particularly efficient
-        let s = std::string::String::from_utf16_lossy(self.deref());
+        // SAFETY: See the Display implementation.
+        let u16_slice = unsafe { std::slice::from_raw_parts(self.data as *mut u16, self.size) };
+        let s = std::string::String::from_utf16_lossy(u16_slice);
         serializer.serialize_str(&s)
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`use serde::{de::Error, Deserialize, Deserializer, Serialize, Serializer};`
`2`		`-use std::ops::Deref;`
`3`	`2`
`4`	`3`	`use super::{BoundedString, BoundedWString, String, WString};`
`5`	`4`
`@@ -18,7 +17,9 @@ impl Serialize for String {`
`18`	`17`	`S: Serializer,`
`19`	`18`	`{`
`20`	`19`	`// Not particularly efficient`
`21`		`- let s = std::string::String::from_utf8_lossy(self.deref());`
	`20`	`+ // SAFETY: See the Display implementation.`
	`21`	`+ let u8_slice = unsafe { std::slice::from_raw_parts(self.data as *mut u8, self.size) };`
	`22`	`+ let s = std::string::String::from_utf8_lossy(u8_slice);`
`22`	`23`	`serializer.serialize_str(&s)`
`23`	`24`	`}`
`24`	`25`	`}`
`@@ -38,7 +39,9 @@ impl Serialize for WString {`
`38`	`39`	`S: Serializer,`
`39`	`40`	`{`
`40`	`41`	`// Not particularly efficient`
`41`		`- let s = std::string::String::from_utf16_lossy(self.deref());`
	`42`	`+ // SAFETY: See the Display implementation.`
	`43`	`+ let u16_slice = unsafe { std::slice::from_raw_parts(self.data as *mut u16, self.size) };`
	`44`	`+ let s = std::string::String::from_utf16_lossy(u16_slice);`
`42`	`45`	`serializer.serialize_str(&s)`
`43`	`46`	`}`
`44`	`47`	`}`