> Are you saying that it's a security issue?
> How?
Because it has no means of detecting or representing numeric overflow (according to it's spec at any rate).

If you were to implement atoi() in a naive manner, then numeric overflow would surely result at some point of a purposely constructed long string.

And since the ANSI C standard allows for the possibility of hardware overflow generating an exception, the whole thing becomes untenable.