On 12/29/20 11:34 AM, Adhemerval Zanella wrote:
>                idx_t len = strlen (end);
> +              if (INT_ADD_OVERFLOW (len, n))
> +                {
> +                  __set_errno (ENAMETOOLONG);
> +                  goto error_nomem;
> +                }


The other patches in this glibc patch series look good to me. However, 
this patch has some problems. First, the overflow check does not handle 
the case where strlen (end) does not fit into len. Second, ENAMETOOLONG 
is not the right errno; it should be ENOMEM because not enough memory 
can be allocated (this is what scratch_buffer, malloc, etc. do in 
similar situations). Third (and less important), the overflow check is 
not needed on practical 64-bit platforms either now or in the forseeable 
future.

I installed the attached patch into Gnulib to fix the bug in a way I 
hope is better. The idea is that you should be able to sync this into 
glibc without needing a patch like the above.