In this situation, the space for the final file name is computed using "strlen", so it seems to me that copying the file name into that space using "strcpy" is valid. Both go until a NUL byte is found, and so operate consistently. Am I missing something?
The issue with using signed ints is valid. However, on today's 64 bit systems you are not going to be able to allocate enough virtual memory to hit the problem. A Google search tells me that non-standard "xmalloc" will abort if it cannot allocate the needed memory, so there isn't a hole there.
Again, what am I missing here?