Jacek Caban (@jacek) commented about dlls/rpcrt4/ndr_marshall.c:
* to do so */ static inline void safe_copy_from_buffer(MIDL_STUB_MESSAGE *pStubMsg, void *p, ULONG size) { - if ((pStubMsg->Buffer + size < pStubMsg->Buffer) || /* integer overflow of pStubMsg->Buffer */ - (pStubMsg->Buffer + size > pStubMsg->BufferEnd)) + if (size > (SIZE_T)(pStubMsg->BufferEnd - pStubMsg->Buffer)) /* integer overflow of pStubMsg->Buffer */ The Clang warning comes from the fact that unsigned (and, by extension, pointer) overflow is undefined behavior in C, and this subtraction is technically the same situation.
I suppose we could first check that `BufferEnd` is not smaller than `Buffer` and then perform the comparison as you did, but without the `SIZE_T` cast. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7231#note_94871