A theoretical argument for why somebody might write problematic code
is http://www.fefe.de/openldap-mail.txt .

But that's like "putting the cart before the horse" (and complaining that it does not work).

You find a security problem, you find a solution, you find the compiler optimizes it away, you blame the compiler. You don't look for an alternative, which would be the most sensible: compare the length with the size, without unnecessary pointer arithmetic. Since the length is unsigned, it's enough to do this:

  if (len > (size_t) (max - ptr))
    /* overflow */ ;

Paolo
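The check recommended above, carried through in a small bounded output buffer. This is an added example, not code from the mail or from any project; the struct and function names (obuf, obuf_append and so on) and the 16-byte sample buffer are this example's own. The commented-out wraparound test is the pattern the mail argues against; the live check compares the unsigned length against the remaining space, so no out-of-bounds pointer is ever formed and there is nothing for the optimizer to delete.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not from the original mail). The names below are assumed
 * for illustration. The pattern being replaced looked like this:
 *
 *     if (ptr + len < ptr)        // "did the pointer wrap around?"
 *         return 0;               // overflow
 *
 * Pointer arithmetic that leaves the object is undefined behaviour in C, so
 * a compiler may assume ptr + len never wraps and drop that test. Comparing
 * the unsigned length with max - ptr stays inside the object and is always
 * evaluated.
 */

struct obuf {
    char *buf;   /* start of storage */
    char *ptr;   /* next free byte */
    char *max;   /* one past the last byte of storage */
};

static void obuf_init(struct obuf *o, char *storage, size_t size)
{
    o->buf = storage;
    o->ptr = storage;
    o->max = storage + size;   /* one-past-the-end is a valid pointer */
}

/* 1 if len bytes fit between ptr and max, 0 otherwise. Both pointers lie in
 * the same object, so max - ptr is well defined; the cast to size_t is safe
 * because ptr never moves past max. A huge len (e.g. SIZE_MAX) is rejected
 * by the same comparison; no wraparound check is needed. */
static int obuf_fits(const struct obuf *o, size_t len)
{
    return len <= (size_t)(o->max - o->ptr);
}

/* Copies len bytes in; returns 1 on success, 0 if they would overflow. */
static int obuf_append(struct obuf *o, const void *data, size_t len)
{
    if (!obuf_fits(o, len))
        return 0;
    memcpy(o->ptr, data, len);
    o->ptr += len;
    return 1;
}

static size_t obuf_used(const struct obuf *o)
{
    return (size_t)(o->ptr - o->buf);
}

/* Exercises the check on a constructed 16-byte buffer. Returns a bitmask of
 * which appends were accepted: bit 0 for the first attempt, bit 1 for the
 * second, and so on. Expected result is 9 (first and fourth accepted). */
static unsigned obuf_demo(void)
{
    char storage[16];
    struct obuf o;
    unsigned accepted = 0;

    obuf_init(&o, storage, sizeof storage);
    if (obuf_append(&o, "0123456789", 10)) accepted |= 1u; /* 10 <= 16: ok   */
    if (obuf_append(&o, "ABCDEFG", 7))     accepted |= 2u; /* 7 > 6: refused */
    if (obuf_append(&o, "", SIZE_MAX))     accepted |= 4u; /* refused, no UB */
    if (obuf_append(&o, "ABCDEF", 6))      accepted |= 8u; /* 6 <= 6: ok     */
    return accepted;
}

int main(void)
{
    printf("accepted mask: %u (expected 9)\n", obuf_demo());
    return 0;
}
```

The third append is the interesting one: with `ptr + len < ptr` the compiler is entitled to assume the addition cannot wrap, whereas `len > (size_t)(max - ptr)` rejects SIZE_MAX on plain unsigned comparison with no undefined behaviour anywhere.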
