From d6143c956603318baa640a83c8275b5891006766 Mon Sep 17 00:00:00 2001
From: Alice Ryhl <alice@ryhl.io>
Date: Mon, 7 Feb 2022 10:07:58 +0100
Subject: [PATCH] io: improve safety comment on `FillBuf` (#4476)

---
 tokio/src/io/util/fill_buf.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tokio/src/io/util/fill_buf.rs b/tokio/src/io/util/fill_buf.rs
index 3655c0153..bb07c766e 100644
--- a/tokio/src/io/util/fill_buf.rs
+++ b/tokio/src/io/util/fill_buf.rs
@@ -40,6 +40,12 @@ impl<'a, R: AsyncBufRead + ?Sized + Unpin> Future for FillBuf<'a, R> {
                 // Safety: This is necessary only due to a limitation in the
                 // borrow checker. Once Rust starts using the polonius borrow
                 // checker, this can be simplified.
+                //
+                // The safety of this transmute relies on the fact that the
+                // value of `reader` is `None` when we return in this branch.
+                // Otherwise the caller could poll us again after
+                // completion, and access the mutable reference while the
+                // returned immutable reference still exists.
                 let slice = std::mem::transmute::<&[u8], &'a [u8]>(slice);
                 Poll::Ready(Ok(slice))
             },