On Sat, Nov 21, 2015 at 06:57:30AM -0500, Greg Reagle wrote:
> On Sat, Nov 21, 2015 at 11:08:08AM +0100, Martti Kühne wrote:
> > What makes you think this is an overflow?
>
> Because the segmentation fault occurs when ptr goes past the end of buf.

But you're right that buflen becomes a negative number sometimes too. This function was written with no bounds checking on either buflen or ptr. I've been trying to wrap my head around how to do it properly.