On 06/10/16 at 07:32am, Tobias Stöckmann wrote:
> > > On June 10, 2016 at 2:38 AM Andrew Gregory <[email protected]>
> > wrote:
> > strlen doesn't count the terminating NUL, so strlen(x) + 1 is at most
> > the size of the array, which by definition has to fit into a size_t.
>
> Then take the typical "len = strlen(a) + strlen(b) + 1" followed by malloc and
> snprintf.

Again, yes, that code is technically incorrect unless the programmer knows it won't overflow. The fact that code like that does the right thing 99% of the time is no excuse for it doing the wrong thing 1% of the time.

> And check your typical strlen implementation which would have to be a strnlen
> with SIZE_MAX then.
>
> These implementations are not around. For good reasons.

Again, strlen operates on character arrays, the length of which must fit into a size_t by definition.
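As an added illustration, not code from either participant in the thread, here is the `len = strlen(a) + strlen(b) + 1` pattern discussed above with the length arithmetic checked against `SIZE_MAX` before `malloc`/`snprintf`. The function names (`checked_concat_len`, `concat_len_or_zero`, `safe_concat`) are my own; the check is deliberately stricter than the thread's argument requires, in that it also rejects a lone length of `SIZE_MAX`, so it stays correct for synthetic lengths that did not come from a real array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compute la + lb + 1 (two string lengths plus the terminating NUL)
 * without wrapping around. Returns true and stores the sum in *out on
 * success; returns false if the sum would not fit in a size_t.
 * Both additions are checked, so the function is safe even for lengths
 * that did not come from a real character array. */
bool checked_concat_len(size_t la, size_t lb, size_t *out)
{
    if (la > SIZE_MAX - 1)          /* la + 1 itself would wrap */
        return false;
    if (lb > SIZE_MAX - 1 - la)     /* (la + 1) + lb would wrap */
        return false;
    *out = la + lb + 1;
    return true;
}

/* Convenience wrapper: the checked length, or 0 on overflow.
 * 0 is never a valid result (the minimum is 1 for the NUL), so it is
 * an unambiguous error value. */
size_t concat_len_or_zero(size_t la, size_t lb)
{
    size_t len;
    return checked_concat_len(la, lb, &len) ? len : 0;
}

/* Concatenate a and b into a freshly malloc'd buffer. Returns NULL if
 * the length computation would overflow or if malloc fails; the caller
 * owns (and must free) the result. */
char *safe_concat(const char *a, const char *b)
{
    size_t len;
    if (!checked_concat_len(strlen(a), strlen(b), &len))
        return NULL;
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    /* snprintf is given the real buffer size, so even a miscounted len
     * could only truncate, never write past the end of buf. */
    snprintf(buf, len, "%s%s", a, b);
    return buf;
}

int main(void)
{
    char *s = safe_concat("foo", "bar");
    if (s == NULL) {
        puts("length overflow or out of memory");
        return 1;
    }
    puts(s);   /* prints "foobar" */
    free(s);
    return 0;
}
```

The wrapping case cannot be reproduced with real strings (no process can hold two strings whose lengths sum past `SIZE_MAX`), which is exactly why the arithmetic is factored into `checked_concat_len`: the boundary behaviour can be exercised with plain numbers, independent of the strings.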
