Add WCStr

Author: ChrisDenton

library/std/src/sys/fs/windows.rs

@@ -12,7 +12,7 @@ use crate::sync::Arc;
 use crate::sys::handle::Handle;
 use crate::sys::pal::api::{self, WinError, set_file_information_by_handle};
 use crate::sys::pal::{IoResult, fill_utf16_buf, to_u16s, truncate_utf16_at_nul};
-use crate::sys::path::maybe_verbatim;
+use crate::sys::path::{WCStr, maybe_verbatim};
 use crate::sys::time::SystemTime;
 use crate::sys::{Align8, c, cvt};
 use crate::sys_common::{AsInner, FromInner, IntoInner};
@@ -298,10 +298,12 @@ impl OpenOptions {
 impl File {
     pub fn open(path: &Path, opts: &OpenOptions) -> io::Result<File> {
         let path = maybe_verbatim(path)?;
+        // SAFETY: maybe_verbatim returns null-terminated strings
+        let path = unsafe { WCStr::from_wchars_with_null_unchecked(&path) };
         Self::open_native(&path, opts)
     }
 
-    fn open_native(path: &[u16], opts: &OpenOptions) -> io::Result<File> {
+    fn open_native(path: &WCStr, opts: &OpenOptions) -> io::Result<File> {
         let creation = opts.get_creation_mode()?;
         let handle = unsafe {
             c::CreateFileW(
@@ -1212,7 +1214,7 @@ pub fn readdir(p: &Path) -> io::Result<ReadDir> {
     }
 }
 
-pub fn unlink(path: &[u16]) -> io::Result<()> {
+pub fn unlink(path: &WCStr) -> io::Result<()> {
     if unsafe { c::DeleteFileW(path.as_ptr()) } == 0 {
         let err = api::get_last_error();
         // if `DeleteFileW` fails with ERROR_ACCESS_DENIED then try to remove
@@ -1235,7 +1237,7 @@ pub fn unlink(path: &[u16]) -> io::Result<()> {
     }
 }
 
-pub fn rename(old: &[u16], new: &[u16]) -> io::Result<()> {
+pub fn rename(old: &WCStr, new: &WCStr) -> io::Result<()> {
     if unsafe { c::MoveFileExW(old.as_ptr(), new.as_ptr(), c::MOVEFILE_REPLACE_EXISTING) } == 0 {
         let err = api::get_last_error();
         // if `MoveFileExW` fails with ERROR_ACCESS_DENIED then try to move
@@ -1249,7 +1251,8 @@ pub fn rename(old: &[u16], new: &[u16]) -> io::Result<()> {
 
             // Calculate the layout of the `FILE_RENAME_INFO` we pass to `SetFileInformation`
             // This is a dynamically sized struct so we need to get the position of the last field to calculate the actual size.
-            let Ok(new_len_without_nul_in_bytes): Result<u32, _> = ((new.len() - 1) * 2).try_into()
+            let Ok(new_len_without_nul_in_bytes): Result<u32, _> =
+                ((new.count_bytes() - 1) * 2).try_into()
             else {
                 return Err(err).io_result();
             };
@@ -1278,7 +1281,7 @@ pub fn rename(old: &[u16], new: &[u16]) -> io::Result<()> {
 
                 new.as_ptr().copy_to_nonoverlapping(
                     (&raw mut (*file_rename_info).FileName).cast::<u16>(),
-                    new.len(),
+                    new.count_bytes(),
                 );
             }
 
@@ -1305,12 +1308,12 @@ pub fn rename(old: &[u16], new: &[u16]) -> io::Result<()> {
     Ok(())
 }
 
-pub fn rmdir(p: &[u16]) -> io::Result<()> {
+pub fn rmdir(p: &WCStr) -> io::Result<()> {
     cvt(unsafe { c::RemoveDirectoryW(p.as_ptr()) })?;
     Ok(())
 }
 
-pub fn remove_dir_all(path: &[u16]) -> io::Result<()> {
+pub fn remove_dir_all(path: &WCStr) -> io::Result<()> {
     // Open a file or directory without following symlinks.
     let mut opts = OpenOptions::new();
     opts.access_mode(c::FILE_LIST_DIRECTORY);
@@ -1328,7 +1331,7 @@ pub fn remove_dir_all(path: &[u16]) -> io::Result<()> {
     remove_dir_all_iterative(file).io_result()
 }
 
-pub fn readlink(path: &[u16]) -> io::Result<PathBuf> {
+pub fn readlink(path: &WCStr) -> io::Result<PathBuf> {
     // Open the link with no access mode, instead of generic read.
     // By default FILE_LIST_DIRECTORY is denied for the junction "C:\Documents and Settings", so
     // this is needed for a common case.
@@ -1373,17 +1376,17 @@ pub fn symlink_inner(original: &Path, link: &Path, dir: bool) -> io::Result<()>
 }
 
 #[cfg(not(target_vendor = "uwp"))]
-pub fn link(original: &[u16], link: &[u16]) -> io::Result<()> {
+pub fn link(original: &WCStr, link: &WCStr) -> io::Result<()> {
     cvt(unsafe { c::CreateHardLinkW(link.as_ptr(), original.as_ptr(), ptr::null_mut()) })?;
     Ok(())
 }
 
 #[cfg(target_vendor = "uwp")]
-pub fn link(_original: &[u16], _link: &[u16]) -> io::Result<()> {
+pub fn link(_original: &WCStr, _link: &WCStr) -> io::Result<()> {
     return Err(io::const_error!(io::ErrorKind::Unsupported, "hard link are not supported on UWP"));
 }
 
-pub fn stat(path: &[u16]) -> io::Result<FileAttr> {
+pub fn stat(path: &WCStr) -> io::Result<FileAttr> {
     match metadata(path, ReparsePoint::Follow) {
         Err(err) if err.raw_os_error() == Some(c::ERROR_CANT_ACCESS_FILE as i32) => {
             if let Ok(attrs) = lstat(path) {
@@ -1397,7 +1400,7 @@ pub fn stat(path: &[u16]) -> io::Result<FileAttr> {
     }
 }
 
-pub fn lstat(path: &[u16]) -> io::Result<FileAttr> {
+pub fn lstat(path: &WCStr) -> io::Result<FileAttr> {
     metadata(path, ReparsePoint::Open)
 }
 
@@ -1413,7 +1416,7 @@ impl ReparsePoint {
     }
 }
 
-fn metadata(path: &[u16], reparse: ReparsePoint) -> io::Result<FileAttr> {
+fn metadata(path: &WCStr, reparse: ReparsePoint) -> io::Result<FileAttr> {
     let mut opts = OpenOptions::new();
     // No read or write permissions are necessary
     opts.access_mode(0);
@@ -1473,7 +1476,7 @@ fn metadata(path: &[u16], reparse: ReparsePoint) -> io::Result<FileAttr> {
     }
 }
 
-pub fn set_perm(p: &[u16], perm: FilePermissions) -> io::Result<()> {
+pub fn set_perm(p: &WCStr, perm: FilePermissions) -> io::Result<()> {
     unsafe {
         cvt(c::SetFileAttributesW(p.as_ptr(), perm.attrs))?;
         Ok(())
@@ -1489,7 +1492,7 @@ fn get_path(f: &File) -> io::Result<PathBuf> {
     )
 }
 
-pub fn canonicalize(p: &[u16]) -> io::Result<PathBuf> {
+pub fn canonicalize(p: &WCStr) -> io::Result<PathBuf> {
     let mut opts = OpenOptions::new();
     // No read or write permissions are necessary
     opts.access_mode(0);
@@ -1499,7 +1502,7 @@ pub fn canonicalize(p: &[u16]) -> io::Result<PathBuf> {
     get_path(&f)
 }
 
-pub fn copy(from: &[u16], to: &[u16]) -> io::Result<u64> {
+pub fn copy(from: &WCStr, to: &WCStr) -> io::Result<u64> {
     unsafe extern "system" fn callback(
         _TotalFileSize: i64,
         _TotalBytesTransferred: i64,
@@ -1612,7 +1615,7 @@ pub fn junction_point(original: &Path, link: &Path) -> io::Result<()> {
 }
 
 // Try to see if a file exists but, unlike `exists`, report I/O errors.
-pub fn exists(path: &[u16]) -> io::Result<bool> {
+pub fn exists(path: &WCStr) -> io::Result<bool> {
     // Open the file to ensure any symlinks are followed to their target.
     let mut opts = OpenOptions::new();
     // No read, write, etc access rights are needed.

library/std/src/sys/path/windows.rs

@@ -10,10 +10,38 @@ mod tests;
 pub const MAIN_SEP_STR: &str = "\\";
 pub const MAIN_SEP: char = '\\';
 
+/// A null terminated wide string.
+#[repr(transparent)]
+pub struct WCStr([u16]);
+
+impl WCStr {
+    /// Convert a slice to a WCStr without checks.
+    ///
+    /// Though it is memory safe, the slice should also not contain interior nulls
+    /// as this may lead to unwanted truncation.
+    ///
+    /// # Safety
+    ///
+    /// The slice must end in a null.
+    pub unsafe fn from_wchars_with_null_unchecked(s: &[u16]) -> &Self {
+        unsafe { &*(s as *const [u16] as *const Self) }
+    }
+
+    pub fn as_ptr(&self) -> *const u16 {
+        self.0.as_ptr()
+    }
+
+    pub fn count_bytes(&self) -> usize {
+        self.0.len()
+    }
+}
+
 #[inline]
-pub fn with_native_path<T>(path: &Path, f: &dyn Fn(&[u16]) -> io::Result<T>) -> io::Result<T> {
+pub fn with_native_path<T>(path: &Path, f: &dyn Fn(&WCStr) -> io::Result<T>) -> io::Result<T> {
     let path = maybe_verbatim(path)?;
-    f(&path)
+    // SAFETY: maybe_verbatim returns null-terminated strings
+    let path = unsafe { WCStr::from_wchars_with_null_unchecked(&path) };
+    f(path)
 }
 
 #[inline]