Updated SAFETY comment to address underflow

2024-11-04 09:50:08 -05:00 · 2024-11-04 09:50:08 -05:00 · 37f48da802
commit 37f48da802
parent 02a1ab8071
1 changed files with 3 additions and 2 deletions
--- a/library/core/src/fmt/num.rs
+++ b/library/core/src/fmt/num.rs
@ -88,8 +88,9 @@ fn fmt_int<T: DisplayInt>(&self, mut x: T, f: &mut fmt::Formatter<'_>) -> fmt::R
                };
            }
        }
-        // SAFETY: `curr` is initialized to `buf.len()` and is only decremented,
-        // so it is always in bounds.
+        // SAFETY: `curr` is initialized to `buf.len()` and is only decremented, so it can't overflow. It is
+        // decremented exactly once for each digit. Since u128 is the widest fixed width integer format dupported,
+        // the maximum number of digits (bits) is 128 for base-2, so `curr` won't underflow as well.
        let buf = unsafe { buf.get_unchecked(curr..) };
        // SAFETY: The only chars in `buf` are created by `Self::digit` which are assumed to be
        // valid UTF-8