Fix size parameter comparisions.

[BZ #13592]
There are several signed compares of the size argument, whereas
it really is unsigned.  Depending on situations e.g. a "memset(ptr, 0,
-1)" segfault (but for the wrong reasons, because jumping into nirvana)
or succeeds even.

In normal use this is harmless, as a size with signbit set indicates
more than half the address space which on x86_64 is impossible to
allocate, but as the size is used to index some jump tables this
potentially could have other unwanted side effects.

1 files changed, 5 insertions, 5 deletions

diff --git a/NEWS b/NEWS
index 2f0e764..e20b5ec 100644
--- a/NEWS
+++ b/NEWS
@@ -15,11 +15,11 @@ Version 2.16
   10110, 10135, 10140, 10210, 10346, 10545, 10716, 11174, 11322, 11365,
   11451, 11494, 12047, 12340, 13058, 13525, 13526, 13527, 13528, 13529,
   13530, 13531, 13532, 13533, 13547, 13551, 13552, 13553, 13555, 13559,
-  13566, 13583, 13618, 13637, 13656, 13658, 13673, 13691, 13695, 13704,
-  13706, 13726, 13738, 13760, 13761, 13786, 13792, 13806, 13824, 13840,
-  13841, 13844, 13846, 13851, 13852, 13854, 13871, 13879, 13883, 13892,
-  13908, 13910, 13911, 13912, 13913, 13915, 13916, 13917, 13918, 13919,
-  13920, 13921, 13926, 13928, 13938
+  13566, 13583, 13592, 13618, 13637, 13656, 13658, 13673, 13691, 13695,
+  13704, 13706, 13726, 13738, 13760, 13761, 13786, 13792, 13806, 13824,
+  13840, 13841, 13844, 13846, 13851, 13852, 13854, 13871, 13879, 13883,
+  13892, 13908, 13910, 13911, 13912, 13913, 13915, 13916, 13917, 13918,
+  13919, 13920, 13921, 13926, 13928, 13938
 
 * ISO C11 support: