split.c - size_t overflow

2009-03-08 Thread Chris Penev
Line 153 - 157
...
153:size_t outbase_length = strlen (outbase);
154:size_t outfile_length = outbase_length + suffix_length;
155:if (outfile_length + 1 < outbase_length)
156:xalloc_die ();
157:outfile = xmalloc (outfile_length + 1);
...

If suffix_length == SIZE_MAX the check on line 155 is bypassed.
___
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils


Re: split.c - size_t overflow

2009-03-08 Thread Jim Meyering
Chris Penev wrote:
> Line 153 - 157
> ...
> 153:size_t outbase_length = strlen (outbase);
> 154:size_t outfile_length = outbase_length + suffix_length;
> 155:if (outfile_length + 1 < outbase_length)
> 156:xalloc_die ();
> 157:outfile = xmalloc (outfile_length + 1);
> ...
>
> If suffix_length == SIZE_MAX the check on line 155 is bypassed.

Thanks for the analysis and the report.  That is true.
However, the code that sets suffix_length ensures that it
is no larger than SIZE_MAX / sizeof (size_t), so there's no problem.
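
An added example, not part of the thread or of coreutils: the quoted arithmetic from lines 154-157 as small functions, showing that suffix_length == SIZE_MAX passes the line 155 check and yields an undersized xmalloc request, while the bound stated in the reply excludes that value. The function names (including the stand-alone checked_outfile_size variant) are hypothetical, and the 3-character outbase length is a constructed value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Lines 154-155 as quoted: returns true when the code would call xalloc_die (). */
static bool quoted_check_rejects (size_t outbase_length, size_t suffix_length)
{
  size_t outfile_length = outbase_length + suffix_length;   /* may wrap */
  return outfile_length + 1 < outbase_length;
}

/* Line 157 as quoted: the size that would be passed to xmalloc. */
static size_t quoted_alloc_size (size_t outbase_length, size_t suffix_length)
{
  return outbase_length + suffix_length + 1;                /* may wrap */
}

/* Bound stated in the reply: suffix_length <= SIZE_MAX / sizeof (size_t). */
static bool within_stated_bound (size_t suffix_length)
{
  return suffix_length <= SIZE_MAX / sizeof (size_t);
}

/* Hypothetical stand-alone variant: computes outbase_length + suffix_length + 1
   without relying on the caller's bound; false means "not representable". */
static bool checked_outfile_size (size_t outbase_length, size_t suffix_length,
                                  size_t *size)
{
  if (suffix_length > SIZE_MAX - 1
      || outbase_length > SIZE_MAX - 1 - suffix_length)
    return false;
  *size = outbase_length + suffix_length + 1;
  return true;
}

int main (void)
{
  size_t base = 3;   /* constructed: strlen of a 3-character outbase */
  size_t size = 0;
  printf ("suffix_length == SIZE_MAX: rejected=%d, xmalloc size=%zu\n",
          quoted_check_rejects (base, SIZE_MAX),
          quoted_alloc_size (base, SIZE_MAX));
  printf ("SIZE_MAX within stated bound: %d\n", within_stated_bound (SIZE_MAX));
  printf ("checked variant accepts SIZE_MAX: %d\n",
          checked_outfile_size (base, SIZE_MAX, &size));
  return 0;
}
```

With suffix_length == SIZE_MAX the two additions wrap back to outbase_length, so the comparison on line 155 is false and the request is one byte short of holding outbase plus its terminator; any smaller suffix_length that overflows is caught by the quoted check.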

