On Sun, Sep 8, 2013 at 11:01 AM, Jim Meyering <[email protected]> wrote:
> On Sun, Sep 8, 2013 at 2:53 AM, Aharon Robbins <[email protected]> wrote:
>> The following fix to dfa.c was suggested by a static checking tool.
>> I'm applying it in the gawk code base.
>>
>> Basically, it's theoretically possible for len to have run off the end
>> of the `str' array.
>>...
>
> Hi Arnold,
>
> Thanks, but that makes it look like "str" will instead fail to be
> NUL-terminated, in which case the following strcmp (aka STREQ) would
> overrun the buffer.
> Yes, this is all theoretical, but still...
>
> I see that the current limit is 31:
>
>   $ for i in 30 31 32 33; do printf "$i "; src/grep -E '[[:'$(perl -e 'print "a"x'$i)':]]'; done
>   30 src/grep: Invalid character class name
>   31 src/grep: Invalid character class name
>   32 src/grep: Unmatched [ or [^
>   33 src/grep: Unmatched [ or [^
>
> So I propose this patch instead:

Hi Arnold,

I was going to push that change, but then realized I didn't know which
static analysis tool you were referring to. Which was it?
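The two failure modes discussed in this thread (writing past the end of the name buffer, and stopping in time but leaving it without a NUL before the strcmp), shown as an added example that is not code from dfa.c, gawk or grep. The 32-byte buffer is an assumption chosen to match the limit of 31 seen above, and copy_class_name, classify and make_probe are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define CLASS_NAME_MAX 32   /* assumed: 31 name bytes plus the NUL */
enum { CLASS_OK, CLASS_INVALID, CLASS_UNMATCHED };

/* Hypothetical helper: copy the name preceding ":]" into out. Returns its
   length, or -1 (out emptied) if ":]" is missing or the name is too long. */
static int copy_class_name(const char *src, char out[CLASS_NAME_MAX])
{
    size_t len = 0;
    while (!(src[len] == ':' && src[len + 1] == ']')) {
        if (src[len] == '\0' || len == CLASS_NAME_MAX - 1) {
            out[0] = '\0';      /* never hand back an unterminated buffer */
            return -1;
        }
        out[len] = src[len];
        len++;
    }
    out[len] = '\0';            /* len <= 31 here, so this stays in bounds */
    return (int)len;
}

/* Classify the text after "[[:"; strcmp only ever sees a terminated name. */
static int classify(const char *after_open)
{
    static const char *const known[] = { "alpha", "digit", "space" };
    char name[CLASS_NAME_MAX];
    if (copy_class_name(after_open, name) < 0)
        return CLASS_UNMATCHED;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(name, known[i]) == 0)
            return CLASS_OK;
    return CLASS_INVALID;
}
/* Constructed probe: n copies of 'a' then ":]]"; buf needs n + 4 bytes. */
static void make_probe(char *buf, size_t n)
{
    memset(buf, 'a', n);
    strcpy(buf + n, ":]]");
}

int main(void)
{
    char buf[64];
    for (size_t n = 30; n <= 33; n++) {
        make_probe(buf, n);
        printf("%zu -> %d\n", n, classify(buf));
    }
    return 0;
}
```

The length check sits before the store, so the terminator always has a slot and the comparison never reads past the buffer.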
