On Fri, Feb 13, 2026 at 02:36:29PM +0100, Alejandro Colomar wrote: > Hi Greg, > > On 2026-02-13T08:34:14+0100, Greg KH wrote: > > On Thu, Feb 12, 2026 at 11:56:19PM +0100, Alejandro Colomar via Mutt-dev > > wrote: > > > This avoids an explicit size multiplication, which can overflow the > > > calculation. > > > > > > Signed-off-by: Alejandro Colomar <[email protected]> > > > Cherry-picked-from: neomutt.git 7df621a105e2 (2024-05-09, "Use wmem*() > > > functions with wide-character strings") > > > [alx: Adapted diff and message to mutt(1)] > > > Signed-off-by: Alejandro Colomar <[email protected]> > > > --- > [...] > > > @@ -175,7 +176,7 @@ static void replace_part (ENTER_STATE *state, size_t > > > from, char *buf) > > > if (savelen) > > > { > > > savebuf = safe_calloc (savelen, sizeof (wchar_t)); > > > - memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof > > > (wchar_t)); > > > + wmemcpy (savebuf, state->wbuf + state->curpos, savelen); > > > > If there was going to be an overflow, safe_calloc() would have crashed > > the system, so we can "know" that if it returns, it's all good so there > > will not be any overflow happening. > > True; and I've made that same argument elsewhere; I don't understand why > I wrote that in the commit message. It was a long time ago... > > > > > So I don't think this patch actually does anything except make code > > checking tools happy because it can not actually read the logic :) > > Actually, it improves the readability. I would do it even if only for > that. Also, wmemcpy(3) is more type-safe, as it doesn't use void*.
No objection if you do it for that, just don't claim it could "fix an overflow" as people tend to freak out over stuff like that :) thanks, greg k-h
