On 04/20/2014 02:08 AM, Amos Jeffries wrote: > + while ((rv = *left - *right++) == 0) { > + if (*left++ == '\0' || --byteCount == 0) > + break; > + }
> + // If we stopped scanning because we reached the end of buf() > + if (!byteCount && length() < n) > + return '\0' - *right;

The comment does not quite match the condition because it ignores the second part of the condition. The whole condition is closer to something like "we reached the end of buf() before we reached the end of s". That "before" part (missing in the comment and difficult to guess) is what actually makes "right" dereferencing safe in this patch revision AFAICT.

I do not see any bugs in the latest patch, and the above problem can be fixed during commit IMO.

Please do not forget to add test cases (missing in the latest patch).

Thank you,

Alex.
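
Review bot: the while condition reads *left and *right before byteCount is tested anywhere, so entering the loop with byteCount == 0 reads one byte from each side and, when those bytes match and are not NUL, `--byteCount` steps past zero instead of stopping. If no guard above the quoted lines (none is visible here) already rejects a zero count, add one before the loop or test byteCount first. Separately, if left and right are plain char pointers, the sign of `*left - *right` for bytes at or above 0x80 depends on the platform's char signedness; comparing through unsigned char would give the same ordering everywhere. The test cases requested in the reply should include a zero-length comparison, buffers with high-bit bytes, and the case the post-loop check handles, where buf() ends before s does.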