Hi Paul,

> I installed the attached patch into Gnulib
> to fix the bug, which appears to be so unlikely that it's not worth
> losing sleep over.

Thanks! I've propagated it to GNU libsigsegv.

> As near as I can make out, this was the only defect report by Coverity
> that was not a false alarm.

On 6/13/24 05:34, Wasser Mai wrote:
Error: INTEGER_OVERFLOW (CWE-190):
diffutils-3.10/lib/stackvma.c:198:23: tainted_data_return: Called
function ""read(fd, rof->buffer + rof->filled, size - rof->filled)"",
and a possible return value may be less than zero.
diffutils-3.10/lib/stackvma.c:198:23: c