On Sat, Dec 06, 2014 at 11:28:37AM -0600, Derek Martin wrote:
> Likewise, mutt_substrdup() should check its arguments to make sure
> they can not produce a string of size less than 0, and abort if they
> would.

Note that in the case of size == 0, mutt_substrdup() need not call
safe_malloc() at all, it can simply return strdup("").  It needs to do
at least that though, as the caller will expect that it needs to free
its return value.  That is, unless analysis can prove that no caller
ever expects the possibility of a zero-length substring, in which case
that case also can trigger an abort().

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
