On 12/16/2014 02:10 AM, Mark Wielaard wrote:
>> I think src/elfcmp.c compare_Elf32_Word() is also wrong, as big u32
>> values could wrap int subtraction. I didn't find any others.
>
> Ah, missed that Elf32_Word is unsigned. There is an assert that makes
> sure it is at least as wide as an int, but that isn't enough indeed.
Oh actually, unsigned is a red herring. Even cmp(INT_MIN, 1) will get the wrong answer if you use subtraction. Or cmp(0, INT_MIN), or many more. Any time the span can be more than INT_MAX, it's a problem. Maybe even more so with signed, since overflow is undefined!

> Proposed fix attached.

Looks good.
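The failure mode discussed above, worked through in C as an added example (this is not elfutils code and not the attached fix, which is not shown on the page). The subtraction-based comparator is modelled with unsigned wrap-around so the example stays free of undefined behaviour, which assumes a 32-bit two's-complement int; the test pairs are constructed here, apart from the cmp(INT_MIN, 1) and cmp(0, INT_MIN) cases named in the message.

```c
#include <inttypes.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption of this example: int is 32 bits, two's complement.  */

/* The pattern objected to in the thread, `return a - b;`, modelled so the
   example itself has no undefined behaviour: the subtraction is done in
   uint32_t (well-defined wrap-around) and the wrapped result is read the
   way a 32-bit int would read it, top bit set meaning negative.  That is
   exactly the sign a subtraction-based comparator reports.  */
static int
wrapped_sign (uint32_t diff)
{
  if (diff == 0)
    return 0;
  return (diff & 0x80000000u) ? -1 : 1;
}

static int
subtract_cmp_int (int a, int b)
{
  return wrapped_sign ((uint32_t) a - (uint32_t) b);
}

static int
subtract_cmp_u32 (uint32_t a, uint32_t b)
{
  return wrapped_sign (a - b);
}

/* The safe form: two comparisons and no arithmetic, so nothing can
   overflow or wrap, and the shape is the same for signed and unsigned.  */
static int
safe_cmp_int (int a, int b)
{
  return (a > b) - (a < b);
}

static int
safe_cmp_u32 (uint32_t a, uint32_t b)
{
  return (a > b) - (a < b);
}

/* Constructed pairs.  Returns how many of them the subtraction-based
   comparators get wrong, printing each disagreement.  */
static int
count_subtract_mismatches (void)
{
  static const int int_pairs[][2] = {
    { INT_MIN, 1 },      /* from the thread: span exceeds INT_MAX */
    { 0, INT_MIN },      /* from the thread */
    { INT_MAX, -1 },     /* span is INT_MAX + 1 */
    { -1, INT_MAX },     /* same span, happens to come out right */
    { 5, 3 },
    { -3, -5 },
  };
  static const uint32_t u32_pairs[][2] = {
    { 0xFFFFFFFFu, 0 },  /* big u32 values, the compare_Elf32_Word case */
    { 0, 0xFFFFFFFFu },
    { 7, 7 },
    { 0x80000000u, 1 },
    { 1, 0x80000000u },
  };
  int bad = 0;
  size_t i;

  for (i = 0; i < sizeof int_pairs / sizeof int_pairs[0]; i++)
    {
      int a = int_pairs[i][0], b = int_pairs[i][1];
      if (subtract_cmp_int (a, b) != safe_cmp_int (a, b))
        {
          printf ("int: cmp(%d, %d) subtraction says %d, correct is %d\n",
                  a, b, subtract_cmp_int (a, b), safe_cmp_int (a, b));
          bad++;
        }
    }
  for (i = 0; i < sizeof u32_pairs / sizeof u32_pairs[0]; i++)
    {
      uint32_t a = u32_pairs[i][0], b = u32_pairs[i][1];
      if (subtract_cmp_u32 (a, b) != safe_cmp_u32 (a, b))
        {
          printf ("u32: cmp(%" PRIu32 ", %" PRIu32 ") subtraction says %d, "
                  "correct is %d\n",
                  a, b, subtract_cmp_u32 (a, b), safe_cmp_u32 (a, b));
          bad++;
        }
    }
  return bad;
}

int
main (void)
{
  printf ("%d comparisons wrong under subtraction\n",
          count_subtract_mismatches ());
  return 0;
}
```

Five of the eleven pairs come out with the wrong sign under subtraction: every pair whose span exceeds INT_MAX is at risk, and for real `int` operands the wrap is not even defined, so the two-comparison form is the one to use in a qsort-style callback.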
