On Thu, Aug 04, 2016 at 11:24:32PM -0700, Junio C Hamano wrote: > I do not know if we want to worry about st_add(1, strlen(s1)) > overflow around here, though. > [...] > + size_t len = strlen(s1) + 1; I wondered that, too, but I don't think it's possible. To overflow the size_t with "+1", strlen() must return the maximum value that it can hold. But such a string would need one more byte than that, for its trailing NUL. So assuming you cannot have a string that exceeds size_t in the first place, I think it is impossible to overflow here. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html