James Hawkins wrote:
On 4/7/06, Tom Spear (Dustin Booker, Dustin Navea) <[EMAIL PROTECTED]> wrote:
if (srclen < 0) srclen = strlenW(src) + 1;
so we never access the string with a negative index.
Umm, all that does is increment it by 1... What if _somehow_ (dont ask
me how, just venturing a guess) a bogus number is passed by strlenW(src)
like -3789246? Then you end up with srclen == -3789245...
strlen returns a value of type size_t, which is an unsigned value, so
this is always going to be positive.
But strlenW returns an int. I think this is the thing that Coverity is
picking up on.
--
Rob Shearman
