Fix unlikely pointer overflow in abspath

* src/function.c (abspath): len is now ptrdiff_t,
to avoid GCC warning about comparing signed to unsigned.
It really is a pointer difference, after all.
Rejigger comparision to avoid undefined behavior
if dest + len is an invalid pointer.

diff --git a/src/function.c b/src/function.c
index 133e33a3abac0f9ef51ffb058410298c7d45d9f9..b4c38052dd2b32d074c1c0cfc88feb406df7d33e 100644 (file)
--- a/src/function.c
+++ b/src/function.c
@@ -2119,7 +2119,7 @@ abspath (const char *name, char *apath)
 
   for (start = end = name; *start != '\0'; start = end)
     {
-      size_t len;
+      ptrdiff_t len;
 
       /* Skip sequence of multiple path-separators.  */
       while (ISDIRSEP (*start))
@@ -2147,7 +2147,7 @@ abspath (const char *name, char *apath)
           if (! ISDIRSEP (dest[-1]))
             *dest++ = '/';
 
-          if (dest + len >= apath_limit)
+          if (apath_limit - dest <= len)
             return NULL;
 
           dest = mempcpy (dest, start, len);