* Frank Küster:
> It also seems that there are some buffer overflows in 3.00 that do not
> have any tests, e.g. in XRef.cc, line 391 after patch-CAN-2004-0888 has
> been applied. Or is such a check
>
> if (newSize < 0) {
> goto err1;
> }
>
> enough to detect an integer overflow, because newSize is signed?
No, it's not, see:
<http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>
I should retry with GCC 4.1; it might actually perform the
optimization.
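As an added example (not xpdf's code, and not from either poster), the quoted sign test beside a form that checks the operands before the arithmetic; the names grow_unchecked, grow_checked and grow_table are hypothetical:

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added example, not xpdf's code: hypothetical grow_unchecked/grow_checked
 * mirror the table-doubling pattern the thread discusses. */

/* The pattern under discussion: compute the doubled size, then test the
 * sign.  Signed overflow is undefined behaviour in C, so a compiler is
 * entitled to assume `size * 2` never wraps and to delete the `< 0`
 * test, leaving an undersized allocation.  Only safe for small inputs. */
int grow_unchecked(int size, int *newSize)
{
    *newSize = size * 2;
    if (*newSize < 0) {
        return -1;            /* the check the thread asks about */
    }
    return 0;
}

/* Hardened form: reject bad operands before the arithmetic so no signed
 * overflow occurs, and bound the byte count handed to the allocator. */
int grow_checked(int size, size_t elemSize, int *newSize)
{
    if (size < 0 || elemSize == 0) {
        return -1;
    }
    if (size > INT_MAX / 2) {
        return -1;            /* size * 2 would not fit in an int */
    }
    int n = size * 2;
    if ((size_t)n > SIZE_MAX / elemSize) {
        return -1;            /* n * elemSize would wrap in size_t */
    }
    *newSize = n;
    return 0;
}

/* Reallocate a table of `size` elements to double capacity, or return
 * NULL (leaving the old buffer valid) when the new size is not safe. */
void *grow_table(void *table, int size, size_t elemSize, int *newSize)
{
    if (grow_checked(size, elemSize, newSize) != 0) {
        return NULL;
    }
    return realloc(table, (size_t)*newSize * elemSize);
}
```

The checked form never performs the overflowing multiplication, so there is nothing for the optimiser to remove; the sign test in the unchecked form inspects a value that is already undefined.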