If we allow odd increments (the code actually increased the limit by 1) the boundary check is worthless. The last time I commited something I added a +2 so catch all kinds of off-by-one or off-by-two (this already catched the filename)
Example: num_vars = 10 and num_var_max = 11 if (num_vars >= num_vars_max) is false and the buffer is not resized but we write to array[10] and array[11] (where array[10] was the last allocated). This happens everytime we allow odd increments. In the current code this is no security threat, because always 2 more are allocated. Nevertheless now the code stays within the boundary and the 2 element safety buffer isnt needed anymore. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php