* Frank Küster:
> It also seems that there are some buffer overflows in 3.00 that do not
> have any tests, e.g. in XRef.cc, line 391 after patch-CAN-2004-0888 has
> been applied. Or is such a check
>
> if (newSize < 0) {
> goto err1;
> }
>
> enough to detect an integer overflow, because newSize is signed?

No, it's not, see: <http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>

I should retry with GCC 4.1; it might actually perform the optimization.
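As an added example (not xpdf's code and not from either poster), here is a C model of the post-hoc `newSize < 0` test discussed above beside a check that rejects the size before the multiplication. The function names, the 16-byte entry size and the entry counts are constructed; the wrapped product is computed with unsigned arithmetic, since signed overflow itself is undefined and a compiler may drop the `< 0` test entirely.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Models the pattern from the thread: multiply first, then test the
 * signed result for < 0.  Unsigned arithmetic is used to show what a
 * compiler that happens to wrap would produce (the real signed multiply
 * is undefined behaviour).  Returns true if the size would be accepted. */
bool post_hoc_check_passes(int entries, int entry_size)
{
    unsigned int wrapped = (unsigned int)entries * (unsigned int)entry_size;
    /* On a two's complement target, newSize < 0 is exactly this test. */
    bool newSize_negative = wrapped > (unsigned int)INT_MAX;
    if (newSize_negative) {
        return false;   /* caught only when the wrap lands in the negative half */
    }
    return true;        /* a wrap that lands positive slips through */
}

/* Safe form: decide before multiplying, so no overflow ever happens. */
bool safe_size(int entries, int entry_size, int *out)
{
    if (entries < 0 || entry_size <= 0) {
        return false;
    }
    if (entries > INT_MAX / entry_size) {
        return false;   /* product would exceed INT_MAX */
    }
    *out = entries * entry_size;
    return true;
}

int main(void)
{
    int size;
    /* constructed inputs: a 16-byte entry and a hostile entry count whose
     * product wraps to the small positive value 16 */
    printf("post-hoc check accepts 0x10000001 * 16: %d\n",
           post_hoc_check_passes(0x10000001, 16));
    printf("pre-multiplication check accepts it:    %d\n",
           safe_size(0x10000001, 16, &size));
    return 0;
}
```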

