rust-lang · bors · Jun 8, 2024 · Jun 4, 2024 · Jun 6, 2024 · workingjubilee
diff --git a/library/std/src/ffi/os_str.rs b/library/std/src/ffi/os_str.rs
@@ -533,6 +533,25 @@ impl OsString {
         unsafe { Box::from_raw(rw) }
     }
 
+    /// Consumes and leaks the `OsString`, returning a mutable reference to the contents,
+    /// `&'a mut OsStr`.
+    ///
+    /// The caller has free choice over the returned lifetime, including 'static.
+    /// Indeed, this function is ideally used for data that lives for the remainder of
+    /// the program’s life, as dropping the returned reference will cause a memory leak.
+    ///
+    /// It does not reallocate or shrink the `OsString`, so the leaked allocation may include
+    /// unused capacity that is not part of the returned slice. If you want to discard excess
+    /// capacity, call [`into_boxed_os_str`], and then [`Box::leak`] instead.
+    /// However, keep in mind that trimming the capacity may result in a reallocation and copy.
+    ///
+    /// [`into_boxed_os_str`]: Self::into_boxed_os_str
+    #[unstable(feature = "os_string_pathbuf_leak", issue = "125965")]
+    #[inline]
+    pub fn leak<'a>(self) -> &'a mut OsStr {
+        OsStr::from_inner_mut(self.inner.leak())
+    }
+
     /// Part of a hack to make PathBuf::push/pop more efficient.
     #[inline]
     pub(crate) fn as_mut_vec_for_path_buf(&mut self) -> &mut Vec<u8> {

diff --git a/library/std/src/ffi/os_str/tests.rs b/library/std/src/ffi/os_str/tests.rs
@@ -23,6 +23,15 @@ fn test_os_string_clear() {
     assert_eq!(0, os_string.inner.as_inner().len());
 }
 
+#[test]
+fn test_os_string_leak() {
+    let os_string = OsString::from("have a cake");
+    let (len, cap) = (os_string.len(), os_string.capacity());
+    let leaked = os_string.leak();
+    assert_eq!(leaked.as_encoded_bytes(), b"have a cake");
+    unsafe { drop(String::from_raw_parts(leaked as *mut OsStr as _, len, cap)) }
+}
+
 #[test]
 fn test_os_string_capacity() {
     let os_string = OsString::with_capacity(0);

diff --git a/library/std/src/path.rs b/library/std/src/path.rs
@@ -1226,6 +1226,25 @@ impl PathBuf {
         self
     }
 
+    /// Consumes and leaks the `PathBuf`, returning a mutable reference to the contents,
+    /// `&'a mut Path`.
+    ///
+    /// The caller has free choice over the returned lifetime, including 'static.
+    /// Indeed, this function is ideally used for data that lives for the remainder of
+    /// the program’s life, as dropping the returned reference will cause a memory leak.
+    ///
+    /// It does not reallocate or shrink the `PathBuf`, so the leaked allocation may include
+    /// unused capacity that is not part of the returned slice. If you want to discard excess
+    /// capacity, call [`into_boxed_path`], and then [`Box::leak`] instead.
+    /// However, keep in mind that trimming the capacity may result in a reallocation and copy.
+    ///
+    /// [`into_boxed_path`]: Self::into_boxed_path
+    #[unstable(feature = "os_string_pathbuf_leak", issue = "125965")]
+    #[inline]
+    pub fn leak<'a>(self) -> &'a mut Path {
+        Path::from_inner_mut(self.inner.leak())
+    }
+
     /// Extends `self` with `path`.
     ///
     /// If `path` is absolute, it replaces the current path.

diff --git a/library/std/src/path/tests.rs b/library/std/src/path/tests.rs
@@ -126,6 +126,16 @@ fn into() {
     assert_eq!(static_cow_path, owned_cow_path);
 }
 
+#[test]
+fn test_pathbuf_leak() {
+    let string = "/have/a/cake".to_owned();
+    let (len, cap) = (string.len(), string.capacity());
+    let buf = PathBuf::from(string);
+    let leaked = buf.leak();
+    assert_eq!(leaked.as_os_str().as_encoded_bytes(), b"/have/a/cake");
+    unsafe { drop(String::from_raw_parts(leaked.as_mut_os_str() as *mut OsStr as _, len, cap)) }
+}
+
 #[test]
 #[cfg(unix)]
 pub fn test_decompositions_unix() {

diff --git a/library/std/src/sys/os_str/bytes.rs b/library/std/src/sys/os_str/bytes.rs
@@ -176,6 +176,11 @@ impl Buf {
         self.inner.extend_from_slice(&s.inner)
     }
 
+    #[inline]
+    pub fn leak<'a>(self) -> &'a mut Slice {
+        unsafe { mem::transmute(self.inner.leak()) }
 pub fn as_slice(&self) -> &Slice { 
     // SAFETY: Slice just wraps [u8], 
     // and &*self.inner is &[u8], therefore 
     // transmuting &[u8] to &Slice is safe. 
     unsafe { mem::transmute(&*self.inner) } 
 } 
 #[inline] 
 pub fn as_mut_slice(&mut self) -> &mut Slice { 
     // SAFETY: Slice just wraps [u8], 
     // and &mut *self.inner is &mut [u8], therefore 
     // transmuting &mut [u8] to &mut Slice is safe. 
     unsafe { mem::transmute(&mut *self.inner) } 
 } 
 pub fn as_slice(&self) -> &Slice { 
     // SAFETY: Slice just wraps [u8], 
     // and &*self.inner is &[u8], therefore 
     // transmuting &[u8] to &Slice is safe. 
     unsafe { mem::transmute(&*self.inner) } 
 } 
  
 #[inline] 
 pub fn as_mut_slice(&mut self) -> &mut Slice { 
     // SAFETY: Slice just wraps [u8], 
     // and &mut *self.inner is &mut [u8], therefore 
     // transmuting &mut [u8] to &mut Slice is safe. 
     unsafe { mem::transmute(&mut *self.inner) } 
 } 
+    }
+
     #[inline]
     pub fn into_box(self) -> Box<Slice> {
         unsafe { mem::transmute(self.inner.into_boxed_slice()) }

diff --git a/library/std/src/sys/os_str/wtf8.rs b/library/std/src/sys/os_str/wtf8.rs
@@ -138,6 +138,11 @@ impl Buf {
         self.inner.shrink_to(min_capacity)
     }
 
+    #[inline]
+    pub fn leak<'a>(self) -> &'a mut Slice {
+        unsafe { mem::transmute(self.inner.leak()) }
+    }
+
     #[inline]
     pub fn into_box(self) -> Box<Slice> {
         unsafe { mem::transmute(self.inner.into_box()) }

diff --git a/library/std/src/sys_common/wtf8.rs b/library/std/src/sys_common/wtf8.rs
@@ -325,6 +325,11 @@ impl Wtf8Buf {
         self.bytes.shrink_to(min_capacity)
     }
 
+    #[inline]
+    pub fn leak<'a>(self) -> &'a mut Wtf8 {
+        unsafe { Wtf8::from_mut_bytes_unchecked(self.bytes.leak()) }
+    }
+
     /// Returns the number of bytes that this string buffer can hold without reallocating.
     #[inline]
     pub fn capacity(&self) -> usize {