A slice covering exactly half the address space is not OK

rust-lang · Sep 10, 2018 · 1aac00f · 1aac00f
1 parent 7b77508
commit 1aac00f
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs
@@ -3852,8 +3852,8 @@ unsafe impl<'a, T> TrustedRandomAccess for ExactChunksMut<'a, T> {
 /// them from other data. You can obtain a pointer that is usable as `data`
 /// for zero-length slices using [`NonNull::dangling()`].
 ///
-/// The total size of the slice must be no larger than `isize::MAX` **bytes**
-/// in memory. See the safety documentation of [`pointer::offset`].
+/// The total size of the slice must lower than `isize::MAX` **bytes** in
+/// memory. See the safety documentation of [`pointer::offset`].
 ///
 /// # Caveat
 ///
@@ -3881,7 +3881,7 @@ unsafe impl<'a, T> TrustedRandomAccess for ExactChunksMut<'a, T> {
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
     debug_assert!(data as usize % mem::align_of::<T>() == 0, "attempt to create unaligned slice");
-    debug_assert!(len * mem::size_of::<T>() <= isize::MAX as usize,
+    debug_assert!(len * mem::size_of::<T>() < isize::MAX as usize,
                   "attempt to create slice covering half the address space");
     Repr { raw: FatPtr { data, len } }.rust
 }
@@ -3892,8 +3892,8 @@ pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
 /// This function is unsafe for the same reasons as [`from_raw_parts`], as well
 /// as not being able to provide a non-aliasing guarantee of the returned
 /// mutable slice. `data` must be non-null and aligned even for zero-length
-/// slices as with [`from_raw_parts`]. The total size of the slice must be no
-/// larger than `isize::MAX` **bytes** in memory. See the safety documentation
+/// slices as with [`from_raw_parts`]. The total size of the slice must be
+/// lower than `isize::MAX` **bytes** in memory. See the safety documentation
 /// of [`pointer::offset`].
 ///
 /// See the documentation of [`from_raw_parts`] for more details.
@@ -3904,7 +3904,7 @@ pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
     debug_assert!(data as usize % mem::align_of::<T>() == 0, "attempt to create unaligned slice");
-    debug_assert!(len * mem::size_of::<T>() <= isize::MAX as usize,
+    debug_assert!(len * mem::size_of::<T>() < isize::MAX as usize,
                   "attempt to create slice covering half the address space");
     Repr { raw: FatPtr { data, len} }.rust_mut
 }