https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105857
--- Comment #13 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #12)
> Overflow is possible though. If you call it with max = (-1ull / 4 + 2) then
> the alloca length will be 4. If (from_end - from) requires more than 4 wide

Actually 4 bytes, so 1 wide character.

> characters, we'll overflow the alloca buffer.

Except that inside mbsnrtowcs glibc does the same len * sizeof(wchar_t)
calculation with the value that libstdc++ passes it, and comes up with the same
value of 4. So it won't write more than 1 wide character.
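The arithmetic discussed in the comment above, as an added example that is not part of the bug report and is not libstdc++ or glibc code. It assumes a 64-bit size_t and a 4-byte wchar_t (modelled with fixed-width types); the helper names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 64-bit size_t, 4-byte wchar_t, modelled portably. */
#define WCHAR_BYTES UINT64_C(4)

/* Unchecked "count * sizeof(wchar_t)": wraps modulo 2^64. */
uint64_t wrapped_bytes(uint64_t count)
{
    return count * WCHAR_BYTES;
}

/* Checked form: reports failure instead of wrapping. */
bool checked_bytes(uint64_t count, uint64_t *out)
{
    if (count > UINT64_MAX / WCHAR_BYTES)
        return false;
    *out = count * WCHAR_BYTES;
    return true;
}

/* Whole wide characters that fit in a byte length. */
uint64_t wide_capacity(uint64_t bytes)
{
    return bytes / WCHAR_BYTES;
}

int main(void)
{
    uint64_t max = UINT64_MAX / 4 + 2;   /* -1ull / 4 + 2 from the comment */
    uint64_t buf = wrapped_bytes(max);   /* caller's buffer length in bytes */
    uint64_t lim = wrapped_bytes(max);   /* callee's limit from the same count */
    uint64_t exact;

    printf("buffer bytes: %llu, holds %llu wide char(s)\n",
           (unsigned long long)buf, (unsigned long long)wide_capacity(buf));
    printf("callee limit: %llu wide char(s)\n",
           (unsigned long long)wide_capacity(lim));
    /* Both sides wrap identically, so the write limit equals the capacity. */
    printf("checked multiply %s\n",
           checked_bytes(max, &exact) ? "succeeded" : "detected the wrap");
    return 0;
}
```

The buffer is not overrun here only because both sides wrap to the same value; the checked helper makes the oversized request visible instead of relying on that match.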