Ah I wasn't aware anytostr put the numbers at the end of the buffer. That's confirmed by replacing the tmp buffer with one on the heap and running:
$ valgrind ./src/sort --debug +0 -1 /dev/null ==25943== Memcheck, a memory error detector. ==25943== Invalid write of size 1 ==25943== at 0x8051F25: umaxtostr (anytostr.c:34) ==25943== by 0x8050D95: main (sort.c:2336) ==25943== Address 0x4026f64 is 9 bytes after a block of size 11 alloc'd On 14/10/10 08:12, Paul Eggert wrote: > * src/sort.c (key_warnings): Local buffer should be of size > INT_BUFSIZE_BOUND (uintmax_t), not INT_BUFSIZE_BOUND (sword). > This bug was discovered by running 'make check' on a 32-bit > Solaris 8 sparc host, using Sun cc. So the test failed due to buffer overrun side effects? thanks! Pádraig.
