From ddae7e6f411c4c87294212152b8d9beea16637e7 Mon Sep 17 00:00:00 2001
From: Manish Goregaokar <manishsmail@gmail.com>
Date: Tue, 2 Jan 2024 17:22:34 -0800
Subject: [PATCH] Correct safety docs

---
 clap_lex/src/ext.rs | 3 +++
 clap_lex/src/lib.rs | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/clap_lex/src/ext.rs b/clap_lex/src/ext.rs
index a2de707e2bd..009c03c5105 100644
--- a/clap_lex/src/ext.rs
+++ b/clap_lex/src/ext.rs
@@ -2,6 +2,9 @@ use std::ffi::OsStr;
 
 pub trait OsStrExt: private::Sealed {
     /// Converts to a string slice.
+    ///
+    /// The Utf8Error is guaranteed to have a valid UTF8 boundary
+    /// in its `valid_up_to()`
     fn try_str(&self) -> Result<&str, std::str::Utf8Error>;
     /// Returns `true` if the given pattern matches a sub-slice of
     /// this string slice.
diff --git a/clap_lex/src/lib.rs b/clap_lex/src/lib.rs
index 581595a2c5e..53291cc6bb5 100644
--- a/clap_lex/src/lib.rs
+++ b/clap_lex/src/lib.rs
@@ -463,7 +463,8 @@ fn split_nonutf8_once(b: &OsStr) -> (&str, Option<&OsStr>) {
     match b.try_str() {
         Ok(s) => (s, None),
         Err(err) => {
-            // SAFETY: `char_indices` ensures `index` is at a valid UTF-8 boundary
+            // SAFETY: `err.valid_up_to()`, which came from str::from_utf8(), is guaranteed
+            // to be a valid UTF8 boundary
             let (valid, after_valid) = unsafe { ext::split_at(b, err.valid_up_to()) };
             let valid = valid.try_str().unwrap();
             (valid, Some(after_valid))