From f5179290a6d571229c977b6b7eede92b1492f1aa Mon Sep 17 00:00:00 2001 From: Samuel Tardieu Date: Fri, 5 Jan 2024 14:44:09 +0100 Subject: [PATCH] uucore/num_format: replace saturating_sub by regular subtraction Using `saturating_sub()` before converting to `usize` gives a wrong feeling of security as it looks like it ensures that the value will never go negative. However, since it is applied to `i32`, it can, and converting it to `usize` would go horribly wrong anyway. By following the code flow, `exponent` cannot be greater than `precision`, or the `else` block would not have been taken. A plain subtraction will give the same result and will at least panic in debug mode. --- src/uucore/src/lib/features/format/num_format.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/uucore/src/lib/features/format/num_format.rs b/src/uucore/src/lib/features/format/num_format.rs index 4e60015f6..dce39641d 100644 --- a/src/uucore/src/lib/features/format/num_format.rs +++ b/src/uucore/src/lib/features/format/num_format.rs @@ -425,7 +425,7 @@ fn format_float_shortest( // - The precision works differently and specifies the total number // of digits instead of the digits in the fractional part. // - If we don't force the decimal, '0' and `.` are trimmed. - let decimal_places = (precision as i32).saturating_sub(exponent) as usize; + let decimal_places = (precision as i32 - exponent) as usize; let mut formatted = if decimal_places == 0 && force_decimal == ForceDecimal::Yes { format!("{f:.0}.") } else {