When converting from Rust strings to C strings, we have to ensure that there are no interior nulls, which cannot be represented in C strings.
Currently, we do this via the `CString` type in methods like `from_slice`, which panic if an interior null is found.
Since interior nulls are relatively rare, that means there are rare panics lurking in anything that winds up calling system APIs, such as IO.
For things like IO, however, we could easily propagate such errors using the `InvalidInput` variant for `std::io` errors. That would have essentially zero ergonomic impact on users of IO and similar APIs, but might offer somewhat more graceful handling of the situation.
There are a couple of questions to ask:

- Is there a reasonable way for clients to handle `InvalidInput` errors other than simply panicking themselves? That is, would this change actually benefit code in practice?
- Would the ergonomics of `CString::from_slice` take too much of a hit for code that uses it directly?
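The following is an added example, not code from the original proposal or from the Rust standard library, showing what the proposed error propagation looks like from a caller's point of view and how a client could handle an `InvalidInput` error rather than panic. It uses today's `CString::new` (which returns a `Result` instead of panicking) and maps its `NulError` to an `io::Error` of kind `InvalidInput`; the `to_c_string`, `open_path` and `classify` functions are hypothetical helpers written for this illustration, and `open_path` only simulates handing the path to a C API.

```rust
use std::ffi::{CStr, CString};
use std::io;

/// Convert a Rust string into a C string for passing to a system API.
/// An interior nul byte cannot be represented in a C string, so instead of
/// panicking the problem is reported as an `io::Error` of kind `InvalidInput`,
/// which composes with every other error an I/O call can return.
pub fn to_c_string(s: &str) -> io::Result<CString> {
    CString::new(s).map_err(|e| {
        io::Error::new(
            io::ErrorKind::InvalidInput,
            format!("interior nul byte at position {} in {:?}", e.nul_position(), s),
        )
    })
}

/// Simulated "open": converts the path and hands it to a C-style API that
/// expects a nul-terminated string. This is a stand-in for a real syscall
/// wrapper; it only round-trips the pointer and reports the C string length.
pub fn open_path(path: &str) -> io::Result<usize> {
    let c_path = to_c_string(path)?;
    let ptr = c_path.as_ptr();
    // SAFETY: `ptr` points at a valid nul-terminated string owned by `c_path`,
    // which is still alive for the whole of this use.
    let seen = unsafe { CStr::from_ptr(ptr) };
    Ok(seen.to_bytes().len())
}

/// What a client can do with the error: branch on its kind and treat a bad
/// path as a rejected input rather than as an abort of the whole program.
pub fn classify(path: &str) -> &'static str {
    match open_path(path) {
        Ok(_) => "ok",
        Err(e) if e.kind() == io::ErrorKind::InvalidInput => "invalid input",
        Err(_) => "other io error",
    }
}

fn main() {
    // Constructed sample paths: one valid, one with an interior nul byte.
    for p in ["/tmp/file.txt", "/tmp/fi\0le.txt"] {
        println!("{:?} -> {}", p, classify(p));
    }
}
```

Because the nul check surfaces as an ordinary `io::Error`, a caller that already uses `?` on I/O calls needs no extra code, which is the "zero ergonomic impact" the proposal describes; a caller that wants to recover can match on `ErrorKind::InvalidInput` as `classify` does, for instance to reject a single user-supplied path while continuing to process the rest.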