Avoid panic on buffers with embedded nul bytes

Some crates use log crate with a message padded with a number of
nullbytes [1]. This currently causes panics.

Using `CStr::from_bytes_until_nul` accepts multiple null-bytes, and
instead stops at the first nullbyte in a buffer.

This may truncate some logs with text interspersed with nullbytes.
However, I'd say logging _something_ there is a less-bad option than
crashing just because we got a nullbyte in the &str.

[1] https://github.com/cloudflare/quiche/blob/d0efd2c5278b9dbe8d6544c3015f8c772f3513b4/quiche/src/tls/mod.rs#L1040

Author: Marcin Radomski

src/platform_log_writer.rs

@@ -123,7 +123,7 @@ impl PlatformLogWriter<'_> {
         );
 
         let initialized = unsafe { slice_assume_init_ref(&self.buffer[..len + 1]) };
-        let msg = CStr::from_bytes_with_nul(initialized)
+        let msg = CStr::from_bytes_until_nul(initialized)
             .expect("Unreachable: nul terminator was placed at `len`");
         android_log(self.buf_id, self.priority, self.tag, msg);
 
@@ -265,6 +265,23 @@ pub mod tests {
         );
     }
 
+    #[test]
+    fn output_specified_len_accepts_extra_trailing_nuls() {
+        let mut writer = get_tag_writer();
+        let log_string = "abcde\0\0\0";
+        let first_nul = log_string.find('\0').unwrap();
+        writer
+            .write_str(log_string)
+            .expect("Unable to write to PlatformLogWriter");
+
+        unsafe { writer.output_specified_len(8) };
+
+        assert_eq!(
+            unsafe { slice_assume_init_ref(&writer.buffer[..first_nul]) },
+            &log_string.as_bytes()[..first_nul]
+        );
+    }
+
     #[test]
     fn copy_bytes_to_start() {
         let mut writer = get_tag_writer();