implement review suggestions

Author: beepster4096

library/std/src/io/buffered/bufreader.rs

@@ -380,7 +380,7 @@ impl<R: Read> BufRead for BufReader<R> {
 
             let mut readbuf = ReadBuf::uninit(&mut self.buf);
 
-            // SAFETY: `self.init` is either 0 set to `readbuf.initialized_len()`
+            // SAFETY: `self.init` is either 0 or set to `readbuf.initialized_len()`
             // from the last time this function was called
             unsafe {
                 readbuf.assume_init(self.init);

library/std/src/io/mod.rs

@@ -371,8 +371,9 @@ pub(crate) fn default_read_to_end<R: Read + ?Sized>(r: &mut R, buf: &mut Vec<u8>
         }
 
         let mut read_buf = ReadBuf::uninit(buf.spare_capacity_mut());
+
+        // SAFETY: These bytes were initalized but not filled in the previous loop
         unsafe {
-            // add back extra initalized bytes, we don't want to reinitalize initalized bytes
             read_buf.assume_init(initialized);
         }
 
@@ -389,6 +390,8 @@ pub(crate) fn default_read_to_end<R: Read + ?Sized>(r: &mut R, buf: &mut Vec<u8>
         // store how much was initialized but not filled
         initialized = read_buf.initialized_len() - read_buf.filled_len();
         let new_len = read_buf.filled_len() + buf.len();
+
+        // SAFETY: ReadBuf's invariants mean this much memory is init
         unsafe {
             buf.set_len(new_len);
         }
@@ -2558,11 +2561,17 @@ impl<T: Read> Read for Take<T> {
         let prev_filled = buf.filled_len();
 
         if self.limit <= buf.remaining() as u64 {
-            let extra_init = buf.initialized_len() - buf.filled_len();
-            let ibuf = unsafe { &mut buf.unfilled_mut()[..self.limit as usize] };
+            // if we just use an as cast to convert, limit may wrap around on a 32 bit target
+            let limit = cmp::min(self.limit, usize::MAX as u64) as usize;
+
+            let extra_init = cmp::min(limit as usize, buf.initialized_len() - buf.filled_len());
+
+            // SAFETY: no uninit data is written to ibuf
+            let ibuf = unsafe { &mut buf.unfilled_mut()[..limit] };
 
             let mut sliced_buf = ReadBuf::uninit(ibuf);
 
+            // SAFETY: extra_init bytes of ibuf are known to be initialized
             unsafe {
                 sliced_buf.assume_init(extra_init);
             }
@@ -2574,6 +2583,7 @@ impl<T: Read> Read for Take<T> {
 
             // sliced_buf / ibuf must drop here
 
+            // SAFETY: new_init bytes of buf's unfilled buffer have been initialized
             unsafe {
                 buf.assume_init(new_init);
             }

library/std/src/io/readbuf.rs

@@ -43,7 +43,7 @@ impl<'a> ReadBuf<'a> {
         let len = buf.len();
 
         ReadBuf {
-            //SAFETY: inintialized data never becoming uninitialized is an invariant of ReadBuf
+            //SAFETY: initialized data never becoming uninitialized is an invariant of ReadBuf
             buf: unsafe { (buf as *mut [u8]).as_uninit_slice_mut().unwrap() },
             filled: 0,
             initialized: len,
@@ -135,10 +135,10 @@ impl<'a> ReadBuf<'a> {
     pub fn initialize_unfilled_to(&mut self, n: usize) -> &mut [u8] {
         assert!(self.remaining() >= n);
 
-        //dont try to do any zeroing if we already have enough initialized
-        if n > (self.initialized - self.filled) {
-            let uninit = (n + self.filled) - self.initialized;
-
+        let extra_init = self.initialized - self.filled;
+        // If we dont have enough initialized, do zeroing
+        if n > extra_init {
+            let uninit = n - extra_init;
             let unfilled = &mut self.uninitialized_mut()[0..uninit];
 
             for byte in unfilled.iter_mut() {

library/std/src/io/readbuf/tests.rs

@@ -167,3 +167,15 @@ fn append() {
     assert_eq!(rbuf.filled_len(), 16);
     assert_eq!(rbuf.filled(), [1; 16]);
 }
+
+#[test]
+fn filled_mut() {
+    let mut buf = [0; 16];
+    let mut rbuf = ReadBuf::new(&mut buf);
+
+    rbuf.add_filled(8);
+
+    let filled = rbuf.filled().to_vec();
+
+    assert_eq!(&*filled, &*rbuf.filled_mut());
+}