Skip to content

fix(bytes-str): Fix BytesString split_off char boundary#91

Merged
kdy1 merged 3 commits into
mainfrom
kdy1/fix-bytes-string-split-off-boundary
Jun 1, 2026
Merged

fix(bytes-str): Fix BytesString split_off char boundary#91
kdy1 merged 3 commits into
mainfrom
kdy1/fix-bytes-string-split-off-boundary

Conversation

@kdy1

@kdy1 kdy1 commented Jun 1, 2026

Copy link
Copy Markdown
Member

Summary

  • Add a char-boundary assertion before BytesString::split_off mutates its backing buffer.
  • Document the panic behavior and correct the prefix/suffix wording for split_off.
  • Add regression coverage for valid Unicode splitting and invalid mid-codepoint splitting.

Why

BytesString::split_off could split inside a UTF-8 code point, breaking the internal UTF-8 invariant and allowing safe APIs like as_str to produce invalid str data.

Fixes #90.

Validation

  • cargo fmt --check -p bytes-str
  • cargo test -p bytes-str

@djc

djc commented Jun 1, 2026

Copy link
Copy Markdown

(The deny failure should go away if you upgrade to version 2 of the action.)

@kdy1 kdy1 changed the title Fix BytesString split_off char boundary fix(bytes-str): Fix BytesString split_off char boundary Jun 1, 2026
@kdy1 kdy1 merged commit df5c682 into main Jun 1, 2026
10 checks passed
@kdy1 kdy1 deleted the kdy1/fix-bytes-string-split-off-boundary branch June 1, 2026 15:01
@djc

djc commented Jun 4, 2026

Copy link
Copy Markdown

Are you planning to publish a new release with this?

@kdy1

kdy1 commented Jun 4, 2026

Copy link
Copy Markdown
Member Author

Yeap, I'll fix auto publishing of this repository once I get back to my PC.

I thought f9ff0d8 would publish a new version.

Thanks for the ping

@kdy1

kdy1 commented Jun 4, 2026

Copy link
Copy Markdown
Member Author

Done 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

Soundness issue: BytesString::split_off can break UTF-8 invariant and cause UB via safe APIs

2 participants