> The function SH_START_ITERATE can trigger some overflow.
>
> See:
> typedef struct SH_ITERATOR
> {
>     uint32 cur; /* current element */
>     uint32 end;
>     bool done; /* iterator exhausted? */
> } SH_ITERATOR;
>
> The cur field is uint32 in size, and currently a uint64 can be stored in it,
> which obviously does not fit.