It doesn't look like a problem with sizeof per se, but more
like a problem with incorrect grouping. At a guess (looking only
at the diffs, not motivated to go hunt up the complete source and
acquaint myself with the conventions, expectations, context, culture,
and street argot thereof), it looks like they wanted `sizeof(key) - r'
instead of `sizeof(key - r)' -- but that's far from certain, as the
diffs are considerably more voluminous than "a quick sizeof fix"
would warrant. Looks like either (1) other fixes were mixed in,
or (2) "the sizeof problem" was only a small part of the picture.
Anyhow, this isn't the first example of faulty code ever to
be seen under the, er, Sun. Flawless software is fairly rare ...
> 2:
http://www.theregister.co.uk/2013/03/26/netbsd_crypto_bug/
Not informative; don't know why you included it.
--
Eric Sosman
eso...@comcast-dot-net.invalid