macro: paranoia about overflow

E.g. Consider the case ALIGN_TO(SIZE_MAX - 3, 4). The overflow check
passes as the condition
```
SIZE_MAX - 3 > SIZE_MAX - (4 - 1)
```
is false.
However, the value
```
l + ali - 1
```
may overflow as it is equivalent to
```
SIZE_MAX - 3 + 4 - 1
```

diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index fa9aeafb98ec28be38e47ed620fab904a96bbf78..a311b01e30c4248e7f2d868dd43b5dfac880ce54 100644 (file)
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -376,7 +376,7 @@ static inline size_t ALIGN_TO(size_t l, size_t ali) {
         if (l > SIZE_MAX - (ali - 1))
                 return SIZE_MAX; /* indicate overflow */
 
-        return ((l + ali - 1) & ~(ali - 1));
+        return ((l + (ali - 1)) & ~(ali - 1));
 }
 
 #define ALIGN2(l) ALIGN_TO(l, 2)