Address integer overflows reported by a code analyser

These seee quite improbable. For example the output of /usr/sbin/netstat
would have to be larger than 2. So address with an assert() in the short
term.

src/ipv4.c

@@ -165,6 +165,7 @@ static int ipv4_get_route(struct rtentry *route)
 	/* this is not present on Mac OS X and FreeBSD */
 	int fd;
 	uint32_t total_bytes_read = 0;
+	ssize_t bytes_read;
 
 	// Cannot stat, mmap not lseek this special /proc file
 	fd = open("/proc/net/route", O_RDONLY);
@@ -173,10 +174,9 @@ static int ipv4_get_route(struct rtentry *route)
 		goto end;
 	}
 
-	int bytes_read;
-
 	while ((bytes_read = read(fd, buffer + total_bytes_read,
 	                          buffer_size - total_bytes_read - 1)) > 0) {
+		assert(bytes_read < UINT32_MAX && total_bytes_read < UINT32_MAX - bytes_read);
 		total_bytes_read += bytes_read;
 
 		if ((buffer_size - total_bytes_read) < 1) {
@@ -232,6 +232,7 @@ static int ipv4_get_route(struct rtentry *route)
 	while (fgets(line, buffer_size - total_bytes_read - 1, fp) != NULL) {
 		uint32_t bytes_read = strlen(line);
 
+		assert(total_bytes_read < UINT32_MAX - bytes_read);
 		total_bytes_read += bytes_read;
 
 		if (bytes_read > 0 && line[bytes_read - 1] != '\n') {

src/userinput.c

@@ -98,12 +98,14 @@ static char *uri_unescape(const char *string)
 
 static int pinentry_read(int from, char **retstr)
 {
-	int bufsiz = 0;
+	size_t bufsiz = 0;
 	char *buf = NULL, *saveptr = NULL;
-	int len = 0;
-	int ret;
+	size_t len = 0;
 
 	do {
+		ssize_t ret;
+
+		assert(bufsiz >= len);
 		if (bufsiz - len < 64) {
 			bufsiz += 64;
 			char *tmp = realloc(buf, bufsiz);
@@ -132,6 +134,7 @@ static int pinentry_read(int from, char **retstr)
 				*retstr = strdup("Short read");
 			return -1;
 		}
+		assert(len < SIZE_MAX - ret);
 		len += ret;
 	} while (buf[len - 1] != '\n');
 	// overwrite the newline with a null character