"Ilia A." <[EMAIL PROTECTED]> wrote: > On June 4, 2003 01:12 pm, Moriyoshi Koizumi wrote: > > If (srclen + (chunks + 1) * endlen + 1) overflows and results in a <0 number, > the result of the multiplication inside safe_emalloc would still be negative > and we'll trigger the integer overflow check.
I suppose (chunks + 1) * endlen could result in a negative number greater than the negated srclen (-srclen).. Moriyoshi -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php