diff options
| author | Steven Fackler <sfackler@gmail.com> | 2021-01-11 17:16:44 -0500 |
|---|---|---|
| committer | Steven Fackler <sfackler@gmail.com> | 2021-01-11 17:16:44 -0500 |
| commit | e6c07b0628938b0003ecbae0f60b588eebf474aa (patch) | |
| tree | 672b299160360c4647c40f1b7ce60a901e0e5c99 | |
| parent | 5cb830397e8493f4bf923b411ec378cd00ce28f9 (diff) | |
| download | rust-e6c07b0628938b0003ecbae0f60b588eebf474aa.tar.gz rust-e6c07b0628938b0003ecbae0f60b588eebf474aa.zip | |
clarify docs a bit
| -rw-r--r-- | library/std/src/io/mod.rs | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/library/std/src/io/mod.rs b/library/std/src/io/mod.rs index af570ac6e30..f73116ba106 100644 --- a/library/std/src/io/mod.rs +++ b/library/std/src/io/mod.rs @@ -388,10 +388,9 @@ where match r.read(buf) { Ok(0) => return Ok(g.len - start_len), Ok(n) => { - // We can't let g.len overflow which would result in the vec shrinking when the function returns. In - // particular, that could break read_to_string if the shortened buffer doesn't end on a UTF-8 boundary. - // The minimal check would just be a checked_add, but this assert is a bit more precise and should be - // just about the same cost. + // We can't allow bogus values from read. If it is too large, the returned vec could have its length + // set past its capacity, or if it overflows the vec could be shortened which could create an invalid + // string if this is called via read_to_string. assert!(n <= buf.len()); g.len += n; } |