This is apparently now CVE-2024-50610 [1], I was just pinged (as the Debian maintainer) by the Debian security team.
Does the GSL team have a view on the preferred fix? Bracket the allocation
with an if (non_negative) { ... } block as suggested?
Cheers, Dirk
[1] https://www.cve.org/CVERecord?id=CVE-2024-50610
--
dirk.eddelbuettel.com | @eddelbuettel | [email protected]
