Just noticed one other thing I didn't notice before: On Sun, Dec 07, 2014 at 02:27:13PM -0800, Kevin J. McCarthy wrote: > Add parameter checking and abort to mutt_substrdup. (references #3716) [...] > if (end) > len = end - begin;
This strikes me as wrong. It depends on how the caller passes end... but this seems likely a fence post error to me (obviously I did not look--I would do so now but I need to step out, so I just have time to type this quick note). If the string is size 4, and starts at address 0, then it occupies addresses 0-3. 3-0 - 3, not 4. Obviously if end is the next character after the end of the string, this works as expected. If that is the case it should be called out as such with a comment. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgpM9fNGAxUW4.pgp
Description: PGP signature
