Hi Greg, On 2026-02-13T08:34:14+0100, Greg KH wrote: > On Thu, Feb 12, 2026 at 11:56:19PM +0100, Alejandro Colomar via Mutt-dev > wrote: > > This avoids an explicit size multiplication, which can overflow the > > calculation. > > > > Signed-off-by: Alejandro Colomar <[email protected]> > > Cherry-picked-from: neomutt.git 7df621a105e2 (2024-05-09, "Use wmem*() > > functions with wide-character strings") > > [alx: Adapted diff and message to mutt(1)] > > Signed-off-by: Alejandro Colomar <[email protected]> > > --- [...] > > @@ -175,7 +176,7 @@ static void replace_part (ENTER_STATE *state, size_t > > from, char *buf) > > if (savelen) > > { > > savebuf = safe_calloc (savelen, sizeof (wchar_t)); > > - memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof > > (wchar_t)); > > + wmemcpy (savebuf, state->wbuf + state->curpos, savelen); > > If there was going to be an overflow, safe_calloc() would have crashed > the system, so we can "know" that if it returns, it's all good so there > will not be any overflow happening.
True; and I've made that same argument elsewhere; I don't understand why I wrote that in the commit message. It was a long time ago... > > So I don't think this patch actually does anything except make code > checking tools happy because it can not actually read the logic :) Actually, it improves the readability. I would do it even if only for that. Also, wmemcpy(3) is more type-safe, as it doesn't use void*. > > thanks, > > greg k-h Have a lovely day! Alex -- <https://www.alejandro-colomar.es>
signature.asc
Description: PGP signature
