Fix INTEGER_OVERFLOW in gen_tables.h

mikhailnov · stevegrubb · commit 98f32bff9f2a · 2026-02-28T16:29:39.000-05:00
Use ssize_t instead of size_t for binary search index

Fix integer underflow in gen_tables.h by changing mid from size_t to
ssize_t in s2i__() and i2s_bsearch__(). This prevents mid - 1 from
wrapping to SIZE_MAX when mid is 0, which would break the binary search
loop termination condition.

Resolves Svace INTEGER_OVERFLOW warning (for audit-userspace v3.0.8):
  An integer underflow may occur due to arithmetic operation
  (unsigned subtraction) between variable 'mid' and value '1',
  when 'mid' is equal to '0' (CWE125, CWE190, CWE191)
  Location: gen_tables.h:90

Co-authored-by: Z.AI GLM-5
diff --git a/lib/gen_tables.h b/lib/gen_tables.h
@@ -36,7 +36,8 @@ inline static int s2i__(const char *strings, const unsigned *s_table,
 	ssize_t left = 0, right = n - 1;
 
 	while (left <= right) {	/* invariant: left <= x <= right */
-		size_t mid, off, i;
+		ssize_t mid;
+		size_t off, i;
 		const char *t;
 		int r;
 
@@ -87,7 +88,7 @@ inline static const char *i2s_bsearch__(const char *strings,
 	left = 0;
 	right = n - 1;
 	while (left <= right) {	/* invariant: left <= x <= right */
-		size_t mid;
+		ssize_t mid;
 		int mid_val;
 
 		mid = (left + right) / 2;
