Rollup merge of #70776 - RalfJung:raw-vec, r=Dylan-DPC,TimDiekmann

clarify comment in RawVec::into_box

On first reading I almost thought "len <= cap" would be all that there is to check here. Expand the comment to clarify that that is not the case.

Author: Dylan-DPC

src/liballoc/raw_vec.rs

@@ -570,16 +570,19 @@ impl<T> RawVec<T, Global> {
     ///
     /// # Safety
     ///
-    /// `shrink_to_fit(len)` must be called immediately prior to calling this function. This
-    /// implies, that `len` must be smaller than or equal to `self.capacity()`.
+    /// * `len` must be greater than or equal to the most recently requested capacity, and
+    /// * `len` must be less than or equal to `self.capacity()`.
+    ///
+    /// Note, that the requested capacity and `self.capacity()` could differ, as
+    /// an allocator could overallocate and return a greater memory block than requested.
     pub unsafe fn into_box(self, len: usize) -> Box<[MaybeUninit<T>]> {
+        // Sanity-check one half of the safety requirement (we cannot check the other half).
         debug_assert!(
             len <= self.capacity(),
             "`len` must be smaller than or equal to `self.capacity()`"
         );
 
         let me = ManuallyDrop::new(self);
-        // NOTE: not calling `capacity()` here; actually using the real `cap` field!
         let slice = slice::from_raw_parts_mut(me.ptr() as *mut MaybeUninit<T>, len);
         Box::from_raw(slice)
     }