From b9ec55bbcdf72480bda11bba5b2151b6376b3897 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20K=C3=A5re=20Alsaker?=
Date: Sun, 12 Apr 2026 18:00:56 +0200
Subject: [PATCH] Document why `layout.align() + layout.size()` doesn't overflow
---
 library/std/src/sys/alloc/windows.rs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/std/src/sys/alloc/windows.rs b/library/std/src/sys/alloc/windows.rs
index 90da0b7e9965..9336a6ec085a 100644
--- a/library/std/src/sys/alloc/windows.rs
+++ b/library/std/src/sys/alloc/windows.rs
@@ -118,6 +118,9 @@ unsafe fn allocate(layout: Layout, zeroed: bool) -> *mut u8 {
 process_heap_alloc(MaybeUninit::uninit(), flags, layout.size()) as *mut u8
 } else {
 // Allocate extra padding in order to be able to satisfy the alignment.
+ // This addition does not overflow due to `Layout` type invariants,
+ // `size()` is at most `isize::MAX` while
+ // `align()` is at most `1 << (bits in usize - 2)` if `size()` is non-zero.
 let total = layout.align() + layout.size();
 let ptr = process_heap_alloc(MaybeUninit::uninit(), flags, total) as *mut u8;
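Review bot: The added comment above `let total = layout.align() + layout.size();` argues only the non-zero-size case and leaves the zero-size case implicit, and nothing visible in this hunk shows `allocate` rejecting a zero-size layout. Because this sum sizes the heap request that the padding logic relies on, a wrapped value would under-allocate, so the argument should be complete for a reader auditing it. I would append a line such as `// If the size is zero the sum is just the alignment, which always fits in usize.` The first added line would also read more clearly ending in a colon rather than a comma, since the two bounds that follow are the invariants it refers to. The body of `allocate` starts before and continues past this hunk, so any size handling elsewhere in the function is not visible here.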