https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71224
Iain Buclaw <ibuclaw at gdcproject dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #6 from Iain Buclaw <ibuclaw at gdcproject dot org> --- Ugh, I've just realised that I still managed to get the condition guard wrong. So there is indeed a (very, very remote) chance that length would overflow. Though realloc will overflow and fail first under normal operations. I've instead gone and fixed it in the upstream library instead.