James Hawkins wrote:
On 4/7/06, Tom Spear (Dustin Booker, Dustin Navea) speeddymon@gmail.com wrote:
if (srclen < 0) srclen = strlenW(src) + 1;
so we never access the string with a negative index.
Umm, all that does is increment it by 1... What if _somehow_ (don't ask me how, just venturing a guess) a bogus number is passed by strlenW(src) like -3789246? Then you end up with srclen == -3789245...
strlen returns a value of type size_t, which is an unsigned value, so this is always going to be positive.
But strlenW returns an int. I think this is the thing that Coverity is picking up on.
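
As an added example that is not part of the thread and not Wine's code: one way to write the quoted `srclen` fallback so that the computed length is provably non-negative is to measure in `size_t` and range-check before narrowing to `int`. The names `wchar16`, `wlen`, `len_plus_one` and `resolve_srclen` are hypothetical, and the sample string is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

typedef unsigned short wchar16;   /* hypothetical 16-bit character type */

/* Constructed sample input: "abc" plus terminator. */
static const wchar16 sample[] = { 'a', 'b', 'c', 0 };

/* Length in size_t: an unsigned result can never be negative. */
static size_t wlen(const wchar16 *s)
{
    const wchar16 *p = s;
    while (*p) p++;
    return (size_t)(p - s);
}

/* Narrow "n characters plus terminator" to int, refusing values that
 * do not fit. Returns 0 and sets *out on success, -1 otherwise. */
static int len_plus_one(size_t n, int *out)
{
    if (n >= (size_t)INT_MAX) return -1;   /* n + 1 would exceed INT_MAX */
    *out = (int)n + 1;
    return 0;
}

/* Same convention as the line quoted in the thread: a negative srclen
 * means "src is NUL-terminated, compute the length". */
static int resolve_srclen(const wchar16 *src, int srclen, int *out)
{
    if (srclen < 0) return len_plus_one(wlen(src), out);
    *out = srclen;                          /* caller-supplied, already >= 0 */
    return 0;
}

int main(void)
{
    int n = 0;
    if (resolve_srclen(sample, -1, &n) == 0) printf("computed: %d\n", n);
    if (len_plus_one((size_t)INT_MAX, &n) != 0) puts("rejected: too long");
    return 0;
}
```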