I've been tracking down some integer overflows in Firefox and seem to have narrowed some of them down to the SafeInt library.
As an example, the "a = -a;" assignment at SafeInt3.hpp:2102 is sometimes invoked while a has value INT_MIN. Of course, negating INT_MIN is undefined behavior in C++98 and C++11.
To reproduce, change the code like this:
if( a < 0 )
if (a==INT_MIN) printf ("oops!\n");
a = -a;
fIsNegative = true;
Then run MultVerify(). Here is what I get:
[regehr@gamow safeint]$ g++ -O -w TestMain.cpp MultVerify.cpp -o TestMain
[regehr@gamow safeint]$ ./TestMain
This is 3.0.16p. There are some other overflows in SafeInt, please let me know if you are interested in bug reports about them.