Chris Penev wrote: > Line 153 - 157 > ... > 153: size_t outbase_length = strlen (outbase); > 154: size_t outfile_length = outbase_length + suffix_length; > 155: if (outfile_length + 1 < outbase_length) > 156: xalloc_die (); > 157: outfile = xmalloc (outfile_length + 1); > ... > > If suffix_length SIZE_MAX the check on line 155 is bypassed.
Thanks for the analysis and the report. That is true. However, the code that sets suffix_length ensures that it is no larger than SIZE_MAX / sizeof (size_t), so there's no problem. _______________________________________________ Bug-coreutils mailing list Bug-coreutils@gnu.org http://lists.gnu.org/mailman/listinfo/bug-coreutils