From 47f60d7ad0d546eaef2ddaefd6389a05e235c247 Mon Sep 17 00:00:00 2001
From: Eugene Shamis
Date: Mon, 4 Nov 2024 09:50:08 -0500
Subject: [PATCH] Updated SAFETY comment to address underflow
---
 core/src/fmt/num.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/src/fmt/num.rs b/core/src/fmt/num.rs
index aaf429bac8e7f..5a5c4d600745f 100644
--- a/core/src/fmt/num.rs
+++ b/core/src/fmt/num.rs
@@ -88,8 +88,9 @@ unsafe trait GenericRadix: Sized {
 };
 }
 }
- // SAFETY: `curr` is initialized to `buf.len()` and is only decremented,
- // so it is always in bounds.
+ // SAFETY: `curr` is initialized to `buf.len()` and is only decremented, so it can't overflow. It is
+ // decremented exactly once for each digit. Since u128 is the widest fixed width integer format dupported,
+ // the maximum number of digits (bits) is 128 for base-2, so `curr` won't underflow as well.
 let buf = unsafe { buf.get_unchecked(curr..) };
 // SAFETY: The only chars in `buf` are created by `Self::digit` which are assumed to be
 // valid UTF-8
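Review bot: The new SAFETY comment above `buf.get_unchecked(curr..)` caps the number of decrements at 128 but never relates that figure to the length of `buf`, which is the fact the unchecked slice depends on. `buf` is declared outside this hunk (the function starts and ends outside it), so the comment should state the link explicitly, for example by ending with `// so at most 128 digits are written, which never exceeds buf.len(); curr stays in 0..=buf.len().` The argument also appears to assume that every implementor of this `unsafe trait` uses a base of at least 2 and that the digit loop stops once the value reaches zero; neither is visible here, so it is worth naming them as preconditions. Separately, `dupported` should read `supported`, and the second added line is noticeably longer than the neighbouring comment lines and should be re-wrapped to match them.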