Wireshark-dev: [Wireshark-dev] GCC 4.2 might cause some overflow checks not to work
http://www.kb.cert.org/vuls/id/162289
In short, if, for example, any code that has a pointer into a buffer and
a length of an object in a buffer, and checks to make sure that the
length is sane by checking that buffer+length >= buffer, that code won't
work in GCC 4.2 because GCC 4.2 assumes that if you add an integer value
to a pointer value, the resulting pointer value will be greater than or
equal to the original pointer value, and doesn't bother checking for that.
I'm not sure whether that's an issue for integer addition; the CERT
Secure Coding site makes recommendations other than
foo = a + b;
if (foo < a)
overflow!
for checking whether that sum overflows:
https://www.securecoding.cert.org/confluence/display/seccode/INT32-C-a.+Ensure+that+integer+addition+operations+do+not+result+in+an+overflow