aboutsummaryrefslogtreecommitdiff
path: root/doc/developer-notes.md
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@protonmail.com>2019-10-28 14:04:54 +0100
committerWladimir J. van der Laan <laanwj@protonmail.com>2019-10-30 10:53:27 +0100
commit1cf9b35c0dac5f685b7ae62ded16284803816570 (patch)
tree88d802ae6a14f93878fc194f9238541659334fd1 /doc/developer-notes.md
parenta25945318fdc2890a141a28843c2c5af251c9605 (diff)
doc: Add developer note on c_str()
Add a note when to use and when not to use `c_str()`.
Diffstat (limited to 'doc/developer-notes.md')
-rw-r--r--doc/developer-notes.md22
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/developer-notes.md b/doc/developer-notes.md
index 9cf4b4b075..1a7ce91ca6 100644
--- a/doc/developer-notes.md
+++ b/doc/developer-notes.md
@@ -640,6 +640,28 @@ Strings and formatting
- *Rationale*: Bitcoin Core uses tinyformat, which is type safe. Leave them out to avoid confusion.
+- Use `.c_str()` sparingly. Its only valid use is to pass C++ strings to C functions that take NULL-terminated
+ strings.
+
+ - Do not use it when passing a sized array (so along with `.size()`). Use `.data()` instead to get a pointer
+ to the raw data.
+
+ - *Rationale*: Although this is guaranteed to be safe starting with C++11, `.data()` communicates the intent better.
+
+ - Do not use it when passing strings to `tfm::format`, `strprintf`, `LogPrint[f]`.
+
+ - *Rationale*: This is redundant. Tinyformat handles strings.
+
+ - Do not use it to convert to `QString`. Use `QString::fromStdString()`.
+
+ - *Rationale*: Qt has build-in functionality for converting their string
+ type from/to C++. No need to roll your own.
+
+ - In cases where do you call `.c_str()`, you might want to additionally check that the string does not contain embedded '\0' characters, because
+ it will (necessarily) truncate the string. This might be used to hide parts of the string from logging or to circumvent
+ checks. If a use of strings is sensitive to this, take care to check the string for embedded NULL characters first
+ and reject it if there are any (see `ParsePrechecks` in `strencodings.cpp` for an example).
+
Shadowing
--------------