authorWerner Koch <wk@gnupg.org>2015-03-15 13:33:26 +0100
committerWerner Koch <wk@gnupg.org>2015-03-15 13:33:26 +0100
commit4bc3a2e954afc2ba7dbe79ba5f740184b7d4cd73 (patch)
tree90702833928610b649c9f23887743edada6e4f4f /g13
parentagent: Remove useless conditions in command.c. (diff)
g13: Fix pointer wrap check.
* g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before doing an overflow check. -- Detected by Stack 0.3: bug: anti-simplify model: | %cmp4 = icmp ult i8* %add.ptr3, %s.0, !dbg !568 --> false stack: - /home/wk/s/gnupg/g13/utils.c:127:0 ncore: 1 core: - /home/wk/s/gnupg/g13/utils.c:127:0 - pointer overflow
Diffstat (limited to 'g13')
-rw-r--r--g13/utils.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/g13/utils.c b/g13/utils.c
index 6fe3e5ac1..4ab4799cd 100644
--- a/g13/utils.c
+++ b/g13/utils.c
@@ -124,14 +124,16 @@ find_tuple (tupledesc_t tupledesc, unsigned int tag, size_t *r_length)
s_end = s + tupledesc->datalen;
while (s < s_end)
{
- if (s+3 >= s_end || s + 3 < s)
+ /* We use addresses for the overflow check to avoid undefined
+ behaviour. size_t should work with all flat memory models. */
+ if ((size_t)s+3 >= (size_t)s_end || (size_t)s + 3 < (size_t)s)
break;
t = s[0] << 8;
t |= s[1];
n = s[2] << 8;
n |= s[3];
s += 4;
- if (s + n > s_end || s + n < s)
+ if ((size_t)s + n > (size_t)s_end || (size_t)s + n < (size_t)s)
break;
if (t == tag)
{
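Review bot: The two `(size_t)` comparisons in find_tuple (the `+3` header check and the `+ n` length check after `s += 4`) cast a pointer to `size_t`, which the standard does not guarantee is wide enough to hold an address; `uintptr_t` from <stdint.h> is the type defined for that round-trip, and the comment's own "flat memory models" caveat shows the code is relying on an assumption. Since `s` and `s_end` appear to point into the same `tupledesc->data` buffer (inferred from `s_end = s + tupledesc->datalen` here and `(s + n) - tupledesc->data` in next_tuple), the checks can drop the integer casts entirely and compare the remaining length, which is well-defined pointer subtraction and needs no wrap test: `if (s_end - s < 4) break;` for the header and `if (n > (size_t)(s_end - s)) break;` after the advance. The declared type of `n` is outside the hunk; if it is signed, the cast belongs on that side of the comparison instead. The same two conditions recur in the next_tuple hunk below and should get the identical treatment.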
@@ -159,14 +161,14 @@ next_tuple (tupledesc_t tupledesc, unsigned int *r_tag, size_t *r_length)
s_end = s + tupledesc->datalen;
s += tupledesc->pos;
if (s < s_end
- && !(s+3 >= s_end || s + 3 < s))
+ && !((size_t)s + 3 >= (size_t)s_end || (size_t)s + 3 < (size_t)s))
{
t = s[0] << 8;
t |= s[1];
n = s[2] << 8;
n |= s[3];
s += 4;
- if (!(s + n > s_end || s + n < s))
+ if (!((size_t)s + n > (size_t)s_end || (size_t)s + n < (size_t)s))
{
tupledesc->pos = (s + n) - tupledesc->data;
*r_tag = t;