From 4aa33005c0f8f2772f7b8ee44c47e616239b7b99 Mon Sep 17 00:00:00 2001 From: Matt Stancliff Date: Fri, 1 Aug 2014 13:01:33 -0400 Subject: [PATCH] Fix intset midpoint selection The classic (min+max)/2 is provably unsafe. Fixed as recommended in research: http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html Fix inspired by @wjin, but I used a different approach. (later, I found @kuebler fixed the same issue too). Fixes #1741, #1602 --- src/intset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/intset.c b/src/intset.c index b61530e45198..5d894e3cd08b 100644 --- a/src/intset.c +++ b/src/intset.c @@ -133,7 +133,7 @@ static uint8_t intsetSearch(intset *is, int64_t value, uint32_t *pos) { } while(max >= min) { - mid = (min+max)/2; + mid = ((unsigned int)min + (unsigned int)max) >> 1; cur = _intsetGet(is,mid); if (value > cur) { min = mid+1;
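Review bot: The new line `mid = ((unsigned int)min + (unsigned int)max) >> 1;` carries no comment explaining the casts, and it is only correct while `min` and `max` are both non-negative, so a later cleanup could easily revert it to `(min+max)/2`. The declarations of `min`, `max` and `mid` are outside this hunk, so please confirm they cannot be negative inside the `while(max >= min)` loop, and add a one-line comment saying the casts are there to avoid signed overflow of `min+max` (the commit message's link would fit there). An alternative that needs no cast and stays in the variables' own type is `mid = min + (max - min) / 2;`, which cannot overflow while `max >= min` holds and both are non-negative. The commit also ships without a regression test; a test that drives `intsetSearch` with positions large enough for `min+max` to exceed the signed range would document the bug behind #1741 and #1602, if building a set that size is practical in the test suite.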