diff options
| author | Eugene Shamis <eugene.shamis@amd.com> | 2024-11-04 09:50:08 -0500 |
|---|---|---|
| committer | Eugene Shamis <eugene.shamis@amd.com> | 2024-11-04 12:36:24 -0500 |
| commit | 37f48da802f2f76e210c82731fc7483d7ae96bfd (patch) | |
| tree | b87d887ebfc197419587d5abbc240d7c76679e62 | |
| parent | 02a1ab807191891e888c19b4b8b54de33dba081b (diff) | |
| download | rust-37f48da802f2f76e210c82731fc7483d7ae96bfd.tar.gz rust-37f48da802f2f76e210c82731fc7483d7ae96bfd.zip | |
Updated SAFETY comment to address underflow
| -rw-r--r-- | library/core/src/fmt/num.rs | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/library/core/src/fmt/num.rs b/library/core/src/fmt/num.rs index aaf429bac8e..5a5c4d60074 100644 --- a/library/core/src/fmt/num.rs +++ b/library/core/src/fmt/num.rs @@ -88,8 +88,9 @@ unsafe trait GenericRadix: Sized { }; } } - // SAFETY: `curr` is initialized to `buf.len()` and is only decremented, - // so it is always in bounds. + // SAFETY: `curr` is initialized to `buf.len()` and is only decremented, so it can't overflow. It is + // decremented exactly once for each digit. Since u128 is the widest fixed width integer format dupported, + // the maximum number of digits (bits) is 128 for base-2, so `curr` won't underflow as well. let buf = unsafe { buf.get_unchecked(curr..) }; // SAFETY: The only chars in `buf` are created by `Self::digit` which are assumed to be // valid UTF-8 |