author | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-30 17:18:21 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-30 17:18:29 +0100 |
commit | a6abc94e9307ea05972ef69732bb148acbfa870a (patch) | |
tree | 914f13d5cd2482a7e11af549b81ac95c623d8bba | |
parent | 3c40bc6726b6dc639c4ca2c00c720bccd4cd4dc7 (diff) | |
parent | 1cf9b35c0dac5f685b7ae62ded16284803816570 (diff) |
Merge #17281: doc: Add developer note on c_str()
1cf9b35c0dac5f685b7ae62ded16284803816570 doc: Add developer note on c_str() (Wladimir J. van der Laan)
Pull request description:
Add a note when to use and when not to use `c_str()`.
ACKs for top commit:
elichai:
ACK 1cf9b35c0dac5f685b7ae62ded16284803816570
MarcoFalke:
Looking nice ACK 1cf9b35c0dac5f685b7ae62ded16284803816570
Tree-SHA512: 38cb5e54695782c23a82d03db214a8999b5bb52553f4fbe5322281686f42616981a217ba987feb6d87f3e6b95919cadd8484efe69ecc364ba1731aaf173626c9
-rw-r--r-- | doc/developer-notes.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/developer-notes.md b/doc/developer-notes.md index 9cf4b4b075..1a7ce91ca6 100644 --- a/doc/developer-notes.md +++ b/doc/developer-notes.md @@ -640,6 +640,28 @@ Strings and formatting - *Rationale*: Bitcoin Core uses tinyformat, which is type safe. Leave them out to avoid confusion. +- Use `.c_str()` sparingly. Its only valid use is to pass C++ strings to C functions that take NULL-terminated + strings. + + - Do not use it when passing a sized array (so along with `.size()`). Use `.data()` instead to get a pointer + to the raw data. + + - *Rationale*: Although this is guaranteed to be safe starting with C++11, `.data()` communicates the intent better. + + - Do not use it when passing strings to `tfm::format`, `strprintf`, `LogPrint[f]`. + + - *Rationale*: This is redundant. Tinyformat handles strings. + + - Do not use it to convert to `QString`. Use `QString::fromStdString()`. + + - *Rationale*: Qt has build-in functionality for converting their string + type from/to C++. No need to roll your own. + + - In cases where do you call `.c_str()`, you might want to additionally check that the string does not contain embedded '\0' characters, because + it will (necessarily) truncate the string. This might be used to hide parts of the string from logging or to circumvent + checks. If a use of strings is sensitive to this, take care to check the string for embedded NULL characters first + and reject it if there are any (see `ParsePrechecks` in `strencodings.cpp` for an example). + Shadowing -------------- |
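Review bot: The last added bullet hedges with "you might want to additionally check" for embedded '\0' characters, while the same bullet then says the truncation "might be used to hide parts of the string from logging or to circumvent checks" and tells the reader to reject such strings. Consider stating it once as a rule: where the use is sensitive to truncation, check for embedded '\0' before calling `.c_str()` and reject the string. Wording in the same hunk: "In cases where do you call `.c_str()`" should read "In cases where you do call `.c_str()`", and "build-in" in the `QString` rationale should be "built-in". The text also says "NULL-terminated" and "embedded NULL characters" for what it elsewhere writes as '\0'; "NUL" would keep the character distinct from the null pointer constant. In the `.data()` rationale, "this is guaranteed to be safe starting with C++11" leaves "this" ambiguous; naming it (passing `.c_str()` together with `.size()`) would make the sentence stand on its own.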