diff --git a/src/liballoc/raw_vec.rs b/src/liballoc/raw_vec.rs
index 12e32fd9d352c..7ac67870eb751 100644
--- a/src/liballoc/raw_vec.rs
+++ b/src/liballoc/raw_vec.rs
@@ -570,16 +570,19 @@ impl RawVec {
 ///
 /// # Safety
 ///
- /// `shrink_to_fit(len)` must be called immediately prior to calling this function. This
- /// implies, that `len` must be smaller than or equal to `self.capacity()`.
+ /// * `len` must be greater than or equal to the most recently requested capacity, and
+ /// * `len` must be less than or equal to `self.capacity()`.
+ ///
+ /// Note, that the requested capacity and `self.capacity()` could differ, as
+ /// an allocator could overallocate and return a greater memory block than requested.
 pub unsafe fn into_box(self, len: usize) -> Box<[MaybeUninit]> {
+ // Sanity-check one half of the safety requirement (we cannot check the other half).
 debug_assert!(
 len <= self.capacity(),
 "`len` must be smaller than or equal to `self.capacity()`"
 );
 
 let me = ManuallyDrop::new(self);
- // NOTE: not calling `capacity()` here; actually using the real `cap` field!
 let slice = slice::from_raw_parts_mut(me.ptr() as *mut MaybeUninit, len);
 Box::from_raw(slice)
 }
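Review bot: The rewritten `# Safety` section of `into_box` gives two bounds on `len` but never says what breaks if the lower one is violated, and the `slice::from_raw_parts_mut` / `Box::from_raw` calls still have no `// SAFETY:` comment tying them to that contract. Because the box is built from a slice of length `len`, its eventual deallocation presumably describes the block by `len` elements rather than by the capacity that was requested, so a too-small `len` is unsound even though the `debug_assert!` passes; one sentence in the doc comment should say so. Above the two calls I would add `// SAFETY: the caller guarantees requested capacity <= len <= self.capacity(), so a slice of len elements fits the allocated block`. The new sanity-check comment could also note that `debug_assert!` is compiled out by default in release builds, so neither half of the requirement is enforced there. The doc comment opens above this hunk, so its summary lines were not reviewed.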