From 37f48da802f2f76e210c82731fc7483d7ae96bfd Mon Sep 17 00:00:00 2001
From: Eugene Shamis
Date: Mon, 4 Nov 2024 09:50:08 -0500
Subject: [PATCH] Updated SAFETY comment to address underflow
---
 library/core/src/fmt/num.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/library/core/src/fmt/num.rs b/library/core/src/fmt/num.rs
index aaf429bac8e7..5a5c4d600745 100644
--- a/library/core/src/fmt/num.rs
+++ b/library/core/src/fmt/num.rs
@@ -88,8 +88,9 @@ unsafe trait GenericRadix: Sized {
 };
 }
 }
- // SAFETY: `curr` is initialized to `buf.len()` and is only decremented,
- // so it is always in bounds.
+ // SAFETY: `curr` is initialized to `buf.len()` and is only decremented, so it can't overflow. It is
+ // decremented exactly once for each digit. Since u128 is the widest fixed width integer format dupported,
+ // the maximum number of digits (bits) is 128 for base-2, so `curr` won't underflow as well.
 let buf = unsafe { buf.get_unchecked(curr..) };
 // SAFETY: The only chars in `buf` are created by `Self::digit` which are assumed to be
 // valid UTF-8
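Review bot: The new SAFETY comment above `buf.get_unchecked(curr..)` bounds the number of decrements at 128 but never states the length of `buf`, which is the other half of the no-underflow argument. `buf` is declared outside this hunk, so the comment should name that length explicitly (for example by adding "and `buf` has at least that many elements", once confirmed against the declaration). The precondition the unchecked slice actually needs is `curr <= buf.len()`, so "can't overflow" would read more precisely as "never exceeds `buf.len()`". The word "dupported" should be "supported", and the first two added lines look longer than the 100-column limit once indented, so they may need re-wrapping. The enclosing function starts and ends outside the hunk.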