On Tue, May 7, 2013 at 10:24 PM, Zhenbo Xu <zhenbo1...@gmail.com> wrote:
> 2. Out of bound
> file: function.c
> function: func_sort
> At line 1150: words = xmalloc (wordi * sizeof (char *));
> The value of wordi may be 1.
>
> At line 1171: if (i == wordi - 1 || strlen (words[i + 1]) != len
> words[i + 1] may cause overflow.

no because i < wordi - 1 (i < wordi because of the for() condition, and if i == wordi - 1 then the || evaluation is shortcut-ed by i == wordi - 1, hence strlen() is not evaluated)

also note that the wordi in the alloc is a 1-based index whereas the wordi in the for loop is a 0-based index

_______________________________________________
Bug-make mailing list
Bug-make@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-make
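
The bounds argument in the reply, as an added example that is not part of the thread and is not GNU make's code: a loop with the same guard shape as the quoted condition, with every array read routed through an instrumented accessor so the highest index touched can be checked. The function names, the accessor, the trailing strcmp comparison and the sample arrays are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Highest index read through word_at(); instrumentation for this example. */
static size_t max_index_read;

/* Hypothetical accessor: records every index that is dereferenced. */
static const char *word_at(const char *const *words, size_t idx)
{
    if (idx > max_index_read)
        max_index_read = idx;
    return words[idx];
}

/* Count unique entries in a sorted array of n words. The guard has the
   same shape as the quoted condition: i == n - 1 is tested first, so the
   right-hand operands of || run only when i + 1 < n. For n == 0 the loop
   body never executes. */
size_t count_unique_sorted(const char *const *words, size_t n)
{
    size_t unique = 0;
    max_index_read = 0;
    for (size_t i = 0; i < n; ++i) {
        size_t len = strlen(word_at(words, i));
        if (i == n - 1
            || strlen(word_at(words, i + 1)) != len
            || strcmp(word_at(words, i), word_at(words, i + 1)) != 0)
            ++unique;   /* assumed dedup step; the page shows only the guard */
    }
    return unique;
}

/* Runs the loop and returns the highest index it dereferenced. */
size_t highest_index_read(const char *const *words, size_t n)
{
    (void)count_unique_sorted(words, n);
    return max_index_read;
}

int main(void)
{
    const char *one[] = { "a" };                        /* constructed: one word */
    const char *many[] = { "a", "a", "bb", "c", "c" };  /* constructed, sorted */
    /* Exit status 0 when no read goes past the last element. */
    return !(highest_index_read(one, 1) == 0
             && highest_index_read(many, 5) == 4
             && count_unique_sorted(many, 5) == 3);
}
```

Swapping the first two operands of the condition would make the one-word case read index 1, which is the access the report was concerned about.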