From c96e8a8c1912f6af05a932bd612cf846a3547b5c Mon Sep 17 00:00:00 2001
From: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Date: Thu, 26 Apr 2007 13:59:01 +0200
Subject: [PATCH] Better underflow and overflow handling in
 Packer::findOverlapOverhead().

---
 src/packer.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/packer.cpp b/src/packer.cpp
index 118dc17e..1199854f 100644
--- a/src/packer.cpp
+++ b/src/packer.cpp
@@ -500,14 +500,16 @@ unsigned Packer::findOverlapOverhead(const upx_bytep buf,
             overhead = m;
             // Succeed early if m lies in [low .. low+range-1], i.e. if
             // if the range of the current interval is <= range.
-            //if (m <= low + range - 1)
-            if (m + 1 <= low + range)   // avoid underflow
+            //   if (m <= low + range - 1)
+            //   if (m <  low + range)
+            if (m - low < range)                    // avoid underflow
                 break;
             high = m - 1;
         }
         else
             low = m + 1;
-        m = (low + high) / 2;
+        ////m = (low + high) / 2;
+        m = (low & high) + ((low ^ high) >> 1);     // avoid overflow
     }
 
     //printf("findOverlapOverhead: %d (%d tries)\n", overhead, nr);