Merge #17281: doc: Add developer note on c_str()

1cf9b35c0dac5f685b7ae62ded16284803816570 doc: Add developer note on c_str() (Wladimir J. van der Laan)

Pull request description:

  Add a note when to use and when not to use `c_str()`.

ACKs for top commit:
  elichai:
    ACK 1cf9b35c0dac5f685b7ae62ded16284803816570
  MarcoFalke:
    Looking nice ACK 1cf9b35c0dac5f685b7ae62ded16284803816570

Tree-SHA512: 38cb5e54695782c23a82d03db214a8999b5bb52553f4fbe5322281686f42616981a217ba987feb6d87f3e6b95919cadd8484efe69ecc364ba1731aaf173626c9
This commit is contained in:
Wladimir J. van der Laan 2019-10-30 17:18:21 +01:00 committed by Pasta
parent af8f8b67f6
commit 46c3eaab48
No known key found for this signature in database
GPG Key ID: 52527BEDABE87984

View File

@ -638,6 +638,28 @@ Strings and formatting
- *Rationale*: Dash Core uses tinyformat, which is type safe. Leave them out to avoid confusion - *Rationale*: Dash Core uses tinyformat, which is type safe. Leave them out to avoid confusion
- Use `.c_str()` sparingly. Its only valid use is to pass C++ strings to C functions that take NULL-terminated
strings.
- Do not use it when passing a sized array (so along with `.size()`). Use `.data()` instead to get a pointer
to the raw data.
- *Rationale*: Although this is guaranteed to be safe starting with C++11, `.data()` communicates the intent better.
- Do not use it when passing strings to `tfm::format`, `strprintf`, `LogPrint[f]`.
- *Rationale*: This is redundant. Tinyformat handles strings.
- Do not use it to convert to `QString`. Use `QString::fromStdString()`.
- *Rationale*: Qt has build-in functionality for converting their string
type from/to C++. No need to roll your own.
- In cases where do you call `.c_str()`, you might want to additionally check that the string does not contain embedded '\0' characters, because
it will (necessarily) truncate the string. This might be used to hide parts of the string from logging or to circumvent
checks. If a use of strings is sensitive to this, take care to check the string for embedded NULL characters first
and reject it if there are any (see `ParsePrechecks` in `strencodings.cpp` for an example).
Shadowing Shadowing
-------------- --------------