refactor to_exec_array

xtqqczze · xtqqczze · commit 61c4513168f2 · 2025-12-12T17:47:01.000Z
diff --git a/src/lib.rs b/src/lib.rs
@@ -412,3 +412,14 @@ where
         None => Ok(f(ptr::null())),
     }
 }
+
+#[cfg(feature = "process")]
+pub(crate) fn c_slice_to_pointers<S: AsRef<CStr>>(
+    slice: &[S],
+) -> Box<[*const libc::c_char]> {
+    slice
+        .iter()
+        .map(|s| s.as_ref().as_ptr())
+        .chain(std::iter::once(std::ptr::null()))
+        .collect()
+}
diff --git a/src/spawn.rs b/src/spawn.rs
@@ -343,21 +343,6 @@ impl Drop for PosixSpawnFileActions {
     }
 }
 
-// The POSIX standard requires those `args` and `envp` to be of type `*const *mut [c_char]`,
-// but implementations won't modify them, making the `mut` type redundant. Considering this,
-// Nix does not expose this mutability, but we have to change the interface when calling the
-// underlying libc interfaces , this helper function does the conversion job.
-//
-// SAFETY:
-// It is safe to add the mutability in types as implementations won't mutable them.
-unsafe fn to_exec_array<S: AsRef<CStr>>(args: &[S]) -> Vec<*mut libc::c_char> {
-    use std::iter::once;
-    args.iter()
-        .map(|s| s.as_ref().as_ptr().cast_mut())
-        .chain(once(std::ptr::null_mut()))
-        .collect()
-}
-
 /// Create a new child process from the specified process image. See
 /// [posix_spawn](https://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn.html).
 pub fn posix_spawn<P, SA, SE>(
@@ -374,19 +359,24 @@ where
 {
     let mut pid = 0;
 
-    let ret = unsafe {
-        let args_p = to_exec_array(args);
-        let env_p = to_exec_array(envp);
-
+    let ret = {
         path.with_nix_path(|c_str| {
-            libc::posix_spawn(
-                &mut pid as *mut libc::pid_t,
-                c_str.as_ptr(),
-                &file_actions.fa as *const libc::posix_spawn_file_actions_t,
-                &attr.attr as *const libc::posix_spawnattr_t,
-                args_p.as_ptr(),
-                env_p.as_ptr(),
-            )
+            let args_p = crate::c_slice_to_pointers(args);
+            let env_p = crate::c_slice_to_pointers(envp);
+
+            // SAFETY: The POSIX standard specifies `argv` and `envp` as `*const *mut c_char`,
+            // but also requires that these arrays and their strings must not be modified,
+            // so passing immutable data is sound.
+            unsafe {
+                libc::posix_spawn(
+                    &mut pid as *mut libc::pid_t,
+                    c_str.as_ptr(),
+                    &file_actions.fa as *const libc::posix_spawn_file_actions_t,
+                    &attr.attr as *const libc::posix_spawnattr_t,
+                    args_p.as_ptr() as *const *mut _,
+                    env_p.as_ptr() as *const *mut _,
+                )
+            }
         })?
     };
 
@@ -408,18 +398,23 @@ pub fn posix_spawnp<SA: AsRef<CStr>, SE: AsRef<CStr>>(
 ) -> Result<Pid> {
     let mut pid = 0;
 
-    let ret = unsafe {
-        let args_p = to_exec_array(args);
-        let env_p = to_exec_array(envp);
-
-        libc::posix_spawnp(
-            &mut pid as *mut libc::pid_t,
-            path.as_ptr(),
-            &file_actions.fa as *const libc::posix_spawn_file_actions_t,
-            &attr.attr as *const libc::posix_spawnattr_t,
-            args_p.as_ptr(),
-            env_p.as_ptr(),
-        )
+    let ret = {
+        let args_p = crate::c_slice_to_pointers(args);
+        let env_p = crate::c_slice_to_pointers(envp);
+
+        // SAFETY: The POSIX standard specifies `argv` and `envp` as `*const *mut c_char`,
+        // but also states that these arrays and their strings shall not be modified,
+        // so passing immutable data is sound.
+        unsafe {
+            libc::posix_spawnp(
+                &mut pid as *mut libc::pid_t,
+                path.as_ptr(),
+                &file_actions.fa as *const libc::posix_spawn_file_actions_t,
+                &attr.attr as *const libc::posix_spawnattr_t,
+                args_p.as_ptr() as *const *mut _,
+                env_p.as_ptr() as *const *mut _,
+            )
+        }
     };
 
     if ret != 0 {
diff --git a/src/unistd.rs b/src/unistd.rs
@@ -1079,13 +1079,6 @@ pub fn fchownat<Fd: std::os::fd::AsFd, P: ?Sized + NixPath>(
 
 feature! {
 #![feature = "process"]
-fn to_exec_array<S: AsRef<CStr>>(args: &[S]) -> Vec<*const c_char> {
-    use std::iter::once;
-    args.iter()
-        .map(|s| s.as_ref().as_ptr())
-        .chain(once(ptr::null()))
-        .collect()
-}
 
 /// Replace the current process image with a new one (see
 /// [exec(3)](https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html)).
@@ -1095,7 +1088,7 @@ fn to_exec_array<S: AsRef<CStr>>(args: &[S]) -> Vec<*const c_char> {
 /// environment for the new process.
 #[inline]
 pub fn execv<S: AsRef<CStr>>(path: &CStr, argv: &[S]) -> Result<Infallible> {
-    let args_p = to_exec_array(argv);
+    let args_p = crate::c_slice_to_pointers(argv);
 
     unsafe { libc::execv(path.as_ptr(), args_p.as_ptr()) };
 
@@ -1120,8 +1113,8 @@ pub fn execve<SA: AsRef<CStr>, SE: AsRef<CStr>>(
     args: &[SA],
     env: &[SE],
 ) -> Result<Infallible> {
-    let args_p = to_exec_array(args);
-    let env_p = to_exec_array(env);
+    let args_p = crate::c_slice_to_pointers(args);
+    let env_p = crate::c_slice_to_pointers(env);
 
     unsafe { libc::execve(path.as_ptr(), args_p.as_ptr(), env_p.as_ptr()) };
 
@@ -1142,7 +1135,7 @@ pub fn execvp<S: AsRef<CStr>>(
     filename: &CStr,
     args: &[S],
 ) -> Result<Infallible> {
-    let args_p = to_exec_array(args);
+    let args_p = crate::c_slice_to_pointers(args);
 
     unsafe { libc::execvp(filename.as_ptr(), args_p.as_ptr()) };
 
@@ -1162,8 +1155,8 @@ pub fn execvpe<SA: AsRef<CStr>, SE: AsRef<CStr>>(
     args: &[SA],
     env: &[SE],
 ) -> Result<Infallible> {
-    let args_p = to_exec_array(args);
-    let env_p = to_exec_array(env);
+    let args_p = crate::c_slice_to_pointers(args);
+    let env_p = crate::c_slice_to_pointers(env);
 
     unsafe {
         libc::execvpe(filename.as_ptr(), args_p.as_ptr(), env_p.as_ptr())
@@ -1191,8 +1184,8 @@ pub fn fexecve<Fd: std::os::fd::AsFd, SA: AsRef<CStr>, SE: AsRef<CStr>>(
 ) -> Result<Infallible> {
     use std::os::fd::AsRawFd;
 
-    let args_p = to_exec_array(args);
-    let env_p = to_exec_array(env);
+    let args_p = crate::c_slice_to_pointers(args);
+    let env_p = crate::c_slice_to_pointers(env);
 
     unsafe { libc::fexecve(fd.as_fd().as_raw_fd(), args_p.as_ptr(), env_p.as_ptr()) };
 
@@ -1220,8 +1213,8 @@ pub fn execveat<Fd: std::os::fd::AsFd, SA: AsRef<CStr>, SE: AsRef<CStr>>(
 ) -> Result<Infallible> {
     use std::os::fd::AsRawFd;
 
-    let args_p = to_exec_array(args);
-    let env_p = to_exec_array(env);
+    let args_p = crate::c_slice_to_pointers(args);
+    let env_p = crate::c_slice_to_pointers(env);
 
     unsafe {
         libc::syscall(
