Subject: Re: copy(9) problems? (from FreeBSD?)
To: Charles M. Hannum <abuse@spamalicious.com>
From: Frank van der Linden <fvdl@netbsd.org>
List: tech-security
Date: 03/14/2005 22:56:55
On Mon, Mar 14, 2005 at 04:08:59AM +0000, Charles M. Hannum wrote:
> I haven't tested it, but I think the problem is real. The code attempts to
> bounds-check the length parameter, but it does not check that the input
> pointer is okay first. I think a slightly simpler patch would be just as
> effective, and not add code to the inner copy loop.
Yep. Thanks for the fix, and thanks to Sean for alerting us to the problem.
Fix applied, tested & checked in.
- Frank
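
Added example, not part of the original thread and not the NetBSD or FreeBSD code: a user-space C model of the bug class described in the quoted message, where a length is bounds-checked against the end of user space before the pointer itself is validated. `USER_LIMIT`, the function names and the sample addresses are constructed for illustration; the check runs once before any copy loop would start.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed value: first address past user space in this model. */
#define USER_LIMIT UINT64_C(0x0000800000000000)

/* Flawed pattern: clamps len to the room left below USER_LIMIT without
 * first checking that uaddr is itself below USER_LIMIT. For an address
 * above the limit the unsigned subtraction wraps to a huge value, so the
 * clamp never triggers and the caller's length is accepted unchanged.
 * Returns the number of bytes a copy loop would be allowed to touch. */
uint64_t clamp_len_unchecked(uint64_t uaddr, uint64_t len)
{
    uint64_t room = USER_LIMIT - uaddr;   /* wraps when uaddr > USER_LIMIT */
    return len > room ? room : len;
}

/* Hardened pattern: validate the pointer first, then clamp the length.
 * Returns 0 and stores the allowed length, or -1 (an EFAULT-style
 * failure) when the pointer is not a user-space address. */
int clamp_len_checked(uint64_t uaddr, uint64_t len, uint64_t *allowed)
{
    if (uaddr >= USER_LIMIT)
        return -1;
    uint64_t room = USER_LIMIT - uaddr;   /* cannot wrap after the check */
    *allowed = len > room ? room : len;
    return 0;
}

int main(void)
{
    /* Constructed sample pointers: one in user space, one above it. */
    uint64_t samples[] = { UINT64_C(0x1000), USER_LIMIT - 16,
                           UINT64_C(0xffffffff80000000) };
    for (int i = 0; i < 3; i++) {
        uint64_t allowed = 0;
        int rc = clamp_len_checked(samples[i], 4096, &allowed);
        printf("addr=%#llx unchecked=%llu checked rc=%d allowed=%llu\n",
               (unsigned long long)samples[i],
               (unsigned long long)clamp_len_unchecked(samples[i], 4096),
               rc, (unsigned long long)allowed);
    }
    return 0;
}
```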