Wireshark-dev: [Wireshark-dev] GCC 4.2 might cause some overflow checks not to work

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 09 Apr 2008 11:26:56 -0700
	http://www.kb.cert.org/vuls/id/162289

In short, if, for example, any code that has a pointer into a buffer and a length of an object in a buffer, and checks to make sure that the length is sane by checking that buffer+length >= buffer, that code won't work in GCC 4.2 because GCC 4.2 assumes that if you add an integer value to a pointer value, the resulting pointer value will be greater than or equal to the original pointer value, and doesn't bother checking for that.

I'm not sure whether that's an issue for integer addition; the CERT Secure Coding site makes recommendations other than

	foo = a + b;
	if (foo < a)
		overflow!

for checking whether that sum overflows:

	https://www.securecoding.cert.org/confluence/display/seccode/INT32-C-a.+Ensure+that+integer+addition+operations+do+not+result+in+an+overflow