Make default-constructed `rstd::Char` well-defined (same as `'\0'`).
PiperOrigin-RevId: 503273525
diff --git a/support/rstd/char.h b/support/rstd/char.h
index d4c1450..e795280 100644
--- a/support/rstd/char.h
+++ b/support/rstd/char.h
@@ -12,6 +12,14 @@
// `rstd::Char` is a C++ representation of the `char` type from Rust.
class Char final {
public:
+ // Creates a default `Char` - one that represents ASCII NUL character.
+ //
+ // Providing the default constructor helps to ensure that the `value_` always
+ // effectively stores a C++ equivalent of a well-defined Rust's `u32` value
+ // (and never has a `MaybeUninit<u32>` value). See also the P2723R1 proposal
+ // for C++ which argues that zero-initialization may mitigate 10% of exploits.
+ constexpr Char() = default;
+
// TODO(b/265338802): Reject `char` values that may represent a part of a
// UTF-8 character (i.e. only the first 0-127 ASCII characters should be
// accepted).
@@ -52,7 +60,7 @@
private:
// See "layout tests" comments in `char_test.cc` for explanation why
// `char32_t` is not used.
- std::uint32_t value_;
+ std::uint32_t value_ = '\0';
};
} // namespace rstd
diff --git a/support/rstd/char_test.cc b/support/rstd/char_test.cc
index 4db685f..c8e29a3 100644
--- a/support/rstd/char_test.cc
+++ b/support/rstd/char_test.cc
@@ -121,4 +121,9 @@
EXPECT_TRUE(b > a);
}
+TEST(RsCharTest, DefaultConstructedValue) {
+ rstd::Char c;
+ EXPECT_EQ(0, uint32_t{c});
+}
+
} // namespace
