On Thu, Feb 12, 2026 at 11:56:19PM +0100, Alejandro Colomar via Mutt-dev wrote: > This avoids an explicit size multiplication, which can overflow the > calculation. > > Signed-off-by: Alejandro Colomar <[email protected]> > Cherry-picked-from: neomutt.git 7df621a105e2 (2024-05-09, "Use wmem*() > functions with wide-character strings") > [alx: Adapted diff and message to mutt(1)] > Signed-off-by: Alejandro Colomar <[email protected]> > --- > enter.c | 27 ++++++++++++++------------- > 1 file changed, 14 insertions(+), 13 deletions(-) > > diff --git a/enter.c b/enter.c > index 54e81178b3c5..ba8b9963659c 100644 > --- a/enter.c > +++ b/enter.c > @@ -29,6 +29,7 @@ > #include "buffy.h" > > #include <string.h> > +#include <wchar.h> > > /* redraw flags for mutt_enter_string() */ > enum > @@ -175,7 +176,7 @@ static void replace_part (ENTER_STATE *state, size_t > from, char *buf) > if (savelen) > { > savebuf = safe_calloc (savelen, sizeof (wchar_t)); > - memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof > (wchar_t)); > + wmemcpy (savebuf, state->wbuf + state->curpos, savelen);
If there was going to be an overflow, safe_calloc() would have crashed the system, so we can "know" that if it returns, it's all good so there will not be any overflow happening. So I don't think this patch actually does anything except make code checking tools happy because it can not actually read the logic :) thanks, greg k-h
