Subject: Re: rm(1) and cp(1) printable characters diff
To: None <tech-userlevel@netbsd.org>
From: Jan Schaumann <jschauma@netbsd.org>
List: tech-userlevel
Date: 07/21/2003 10:21:18

Charles Blundell <cb@kittenz.org> wrote:
> on Sun, Jul 20, 2003 at 07:51:26PM -0400, Jan Schaumann wrote:
> > +char *
> > +printescaped(const char *src)
> > +{
> > +	char *retval;
> > +
> > +	retval =3D (char *)malloc(((strlen(src) * 4) + 1));
> > +	if (stdin_ok && (retval !=3D NULL)) {
> > +		(void)strvis(retval, src, VIS_NL | VIS_CSTYLE);
> > +		return retval;
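Review bot: the test `stdin_ok && (retval != NULL)` in printescaped() folds two unrelated conditions together, so when malloc() succeeds but stdin_ok is false the buffer is neither returned nor, in the lines shown, freed. Check stdin_ok before calling malloc(), or free retval on the path that falls through. The size `(strlen(src) * 4) + 1` is also computed without a bound; rejecting lengths above (SIZE_T_MAX - 1) / 4 before the multiplication keeps the allocation as large as the 4 * strlen(src) + 1 bytes strvis() may write. The returned buffer is heap-allocated, so the function should document that the caller frees it.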
>
> For what it's worth, this will overflow for certain large lengths of
> src. I think the magic values start at strlen(src) = SIZE_T_MAX/4.
> [(4*SIZE_T_MAX/4) + 1 = SIZE_T_MAX + 1 -> int overflow.]
> This will result in less memory being allocated than is expected
> when using gcc.

Well, but given that SIZE_T_MAX >> MAXPATHLEN, this should never occur,
right?

-Jan

-- 
42
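
An added example, not part of the original mail or the NetBSD patch: the size computation discussed above with an explicit overflow check, next to the unchecked expression. The names `unchecked_size`, `escaped_size` and `escape_alloc` are hypothetical, SIZE_MAX from <stdint.h> is used in place of SIZE_T_MAX, and a small octal escaper stands in for strvis(3) so the block builds without <vis.h>.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The size expression from the patch, unchecked: wraps modulo SIZE_MAX + 1. */
static size_t unchecked_size(size_t len) { return len * 4 + 1; }
/* Checked form: worst case is 4 output bytes per input byte plus the NUL. */
static bool escaped_size(size_t len, size_t *out)
{
	if (len > (SIZE_MAX - 1) / 4)
		return false;		/* len * 4 + 1 would wrap */
	*out = len * 4 + 1;
	return true;
}

/* Stand-in for strvis(3) (assumption); caller frees the returned string. */
static char *escape_alloc(const char *src)
{
	size_t n;
	char *buf, *p;
	if (!escaped_size(strlen(src), &n) || (buf = malloc(n)) == NULL)
		return NULL;
	for (p = buf; *src != '\0'; src++) {
		unsigned char c = (unsigned char)*src;
		if (isprint(c) && c != '\\') {
			*p++ = (char)c;
		} else {	/* octal escape: backslash plus three digits */
			*p++ = '\\';
			*p++ = (char)('0' + (c >> 6));
			*p++ = (char)('0' + ((c >> 3) & 7));
			*p++ = (char)('0' + (c & 7));
		}
	}
	*p = '\0';
	return buf;
}

int main(void)
{
	char *s = escape_alloc("a\nb");	/* constructed sample file name */
	printf("%zu %s\n", unchecked_size(SIZE_MAX / 4 + 1), s ? s : "(null)");
	free(s);
	return 0;
}
```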
