On Tuesday 2009-07-14 16:46 +0100, Roy Marples output: :- newlen = off + len + 1; :- /* Ensure that the resultant buffer length fits in ssize_t */ :- if (newlen > (size_t)SSIZE_MAX + 1) { :+ newlen = off + len; :+ /* Ensure that the resultant buffer length fits in ssize_t. */ :+ if (newlen > SSIZE_MAX) {
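Review bot: if newlen, off and len are ssize_t, the new guard `if (newlen > SSIZE_MAX) {` can never be true, because no ssize_t value exceeds SSIZE_MAX, and the overflow has already happened in the preceding `newlen = off + len;` (signed overflow is undefined behaviour, so the compiler may also delete the comparison). Guard before the addition instead, e.g. `if (len > SSIZE_MAX - off)`, or perform both the sum and the comparison in size_t. The removed line cast SSIZE_MAX to size_t, which suggests the old comparison was unsigned, so the declared types of newlen, off and len should be confirmed in the surrounding code before this lands.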
I may have explained this poorly. "newlen", "off" and "len" are signed numbers. If the addition "off + len" overflows ssize_t (also signed), then "newlen" is now negative and will never be greater than SSIZE_MAX. Yes?

Of course, since the comparison is with SSIZE_MAX (as the maximum of the signed numbers in that comparison) nothing is greater than it.

Or my understanding is really wonky. Ah well, it is 2 a.m. here.

Regards,
Geoff
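The point Geoff raises, shown as an added example that is not part of the thread or of Roy's patch: with ssize_t operands, a post-addition `newlen > SSIZE_MAX` test is vacuous, so the overflow has to be rejected before the sum is formed. The function names are hypothetical and the SSIZE_MAX fallback is only for toolchains that do not expose it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <limits.h>
#include <sys/types.h>   /* ssize_t */

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX / 2))   /* fallback for strict-C builds */
#endif

/* Pattern from the patch, assuming ssize_t operands: the comparison can never
 * fail, because a ssize_t cannot hold a value above SSIZE_MAX, and the addition
 * that precedes it is undefined behaviour on overflow.  Only safe to call with
 * operands whose sum is known to fit; it is kept here to show the shape, not
 * as something to rely on. */
static bool grow_check_after_add(ssize_t off, ssize_t len, ssize_t *newlen)
{
    *newlen = off + len;
    return *newlen <= SSIZE_MAX;   /* always true: the guard does nothing */
}

/* Overflow-safe form: reject before the addition is ever performed.  Negative
 * offsets and lengths are refused as well, since they would make "SSIZE_MAX - off"
 * itself wrong. */
static bool grow_check_before_add(ssize_t off, ssize_t len, ssize_t *newlen)
{
    if (off < 0 || len < 0)
        return false;
    if (len > SSIZE_MAX - off)     /* off + len would exceed SSIZE_MAX */
        return false;
    *newlen = off + len;           /* now guaranteed not to overflow */
    return true;
}
```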