@@ -2016,6 +2016,11 @@ namespace SharedUtil
20162016 {
20172017 if (uiLength < 1 )
20182018 return ;
2019+
2020+ // Check for arithmetic overflow
2021+ if (uiStart + uiLength < uiStart || uiStart + uiLength - 1 < uiStart)
2022+ return ;
2023+
20192024 uint uiLast = uiStart + uiLength - 1 ;
20202025
20212026 // Make a hole
@@ -2031,34 +2036,68 @@ namespace SharedUtil
20312036 {
20322037 if (uiLength < 1 )
20332038 return ;
2039+
2040+ // Check for arithmetic overflow
2041+ if (uiStart + uiLength < uiStart || uiStart + uiLength - 1 < uiStart)
2042+ return ;
2043+
20342044 uint uiLast = uiStart + uiLength - 1 ;
20352045
20362046 RemoveObscuredRanges (uiStart, uiLast);
2037-
20382047 IterType iterOverlap;
20392048 if (GetRangeOverlappingPoint (uiStart, iterOverlap))
20402049 {
20412050 uint uiOverlapPrevLast = iterOverlap->second ;
20422051
2043- // Modify overlapping range last point
2044- uint uiNewLast = uiStart - 1 ;
2045- iterOverlap->second = uiNewLast;
2052+ // Modify overlapping range last point with underflow check
2053+ if (uiStart > 0 )
2054+ {
2055+ uint uiNewLast = uiStart - 1 ;
2056+ iterOverlap->second = uiNewLast;
20462057
2047- if (uiOverlapPrevLast > uiLast)
2058+ if (uiOverlapPrevLast > uiLast)
2059+ {
2060+ // Need to add range after hole
2061+ // Check for overflow when calculating uiLast + 1
2062+ if (uiLast < UINT_MAX)
2063+ {
2064+ uint uiNewStart = uiLast + 1 ;
2065+ m_StartLastMap[uiNewStart] = uiOverlapPrevLast;
2066+ }
2067+ }
2068+ }
2069+ else
20482070 {
2049- // Need to add range after hole
2050- uint uiNewStart = uiLast + 1 ;
2051- m_StartLastMap[uiNewStart] = uiOverlapPrevLast;
2071+ // Special case: uiStart is 0, remove the range entirely
2072+ m_StartLastMap.erase (iterOverlap);
2073+ if (uiOverlapPrevLast > uiLast)
2074+ {
2075+ // Check for overflow when calculating uiLast + 1
2076+ if (uiLast < UINT_MAX)
2077+ {
2078+ uint uiNewStart = uiLast + 1 ;
2079+ m_StartLastMap[uiNewStart] = uiOverlapPrevLast;
2080+ }
2081+ }
20522082 }
20532083 }
20542084
20552085 if (GetRangeOverlappingPoint (uiLast, iterOverlap))
20562086 {
20572087 // Modify overlapping range start point
2058- uint uiNewStart = uiLast + 1 ;
2059- uint uiOldLast = iterOverlap->second ;
2060- m_StartLastMap.erase (iterOverlap);
2061- m_StartLastMap[uiNewStart] = uiOldLast;
2088+ // Check for overflow when calculating uiLast + 1
2089+ if (uiLast < UINT_MAX)
2090+ {
2091+ uint uiNewStart = uiLast + 1 ;
2092+ uint uiOldLast = iterOverlap->second ;
2093+ m_StartLastMap.erase (iterOverlap);
2094+ m_StartLastMap[uiNewStart] = uiOldLast;
2095+ }
2096+ else
2097+ {
2098+ // If uiLast == UINT_MAX, we can't create a range after it, just remove the overlapping range
2099+ m_StartLastMap.erase (iterOverlap);
2100+ }
20622101 }
20632102 }
20642103
@@ -2067,6 +2106,11 @@ namespace SharedUtil
20672106 {
20682107 if (uiLength < 1 )
20692108 return false ;
2109+
2110+ // Check for arithmetic overflow
2111+ if (uiStart + uiLength < uiStart || uiStart + uiLength - 1 < uiStart)
2112+ return false ;
2113+
20702114 uint uiLast = uiStart + uiLength - 1 ;
20712115
20722116 IterType iter = m_StartLastMap.lower_bound (uiStart);
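Review bot: The first clause of the added guard, `uiStart + uiLength < uiStart`, also rejects valid ranges whose last element is the largest `uint` value (e.g. start `UINT_MAX`, length 1), because the sum wraps to 0 even though `uiStart + uiLength - 1` does not; the same guard is repeated at new lines 2021, 2041 and 2111. Since `uiLength >= 1` is already established by the preceding check, one subtraction-based test is enough and cannot wrap itself: `if (uiLength - 1 > UINT_MAX - uiStart) return;` (`return false;` in the third hunk), assuming `uint` is `unsigned int`. As written, `uiLast` can never equal `UINT_MAX` once the guard has passed, so the `if (uiLast < UINT_MAX)` tests at new lines 2062, 2076 and 2089 are always true and the `else` branch at 2096-2100 is unreachable. The silent early return also means a caller cannot tell that the range was left unchanged, which deserves a comment if these ranges feed any bounds or access check. The enclosing functions start and end outside the hunks, so their names and callers are not visible here.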