翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 04-Apr-2025 15:51:06 JST 翠星石
@SuperDicq @hfaust >to mitigate using (var + 1 < size).
GCC's optimizer is so good it will detect that there's no way var + 1 will be smaller than var (signed integer overflow is undefined), therefore it optimizes out such a check.
In the case where you have to add something to a variable from an input file that can be crafted by an attacker, you must either use unsigned integers, or use __builtin_add_overflow() to avoid overflows.
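The two approaches named in the status, as an added example that is not part of the original post. The function names and the offset/length record layout are assumptions for illustration; `__builtin_add_overflow()` is the GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fragile pattern from the thread: with var == INT_MAX, var + 1 is signed
 * overflow (undefined behaviour), so the result cannot be relied on. */
bool next_index_fragile(int var, int size) {
    return var + 1 < size;
}

/* Checked signed version: the builtin returns true when the mathematical
 * sum does not fit in *next, without ever executing an overflowing add. */
bool next_index_checked(int var, int size, int *next) {
    int sum;
    if (__builtin_add_overflow(var, 1, &sum))
        return false;                 /* var + 1 does not fit in int */
    if (sum < 0 || sum >= size)
        return false;                 /* outside [0, size) */
    *next = sum;
    return true;
}

/* Hypothetical record header read from an untrusted file: offset + length
 * must stay inside a buffer of buf_size bytes. */
bool record_in_bounds(int offset, int length, int buf_size) {
    int end;
    if (offset < 0 || length < 0 || buf_size < 0)
        return false;
    if (__builtin_add_overflow(offset, length, &end))
        return false;
    return end <= buf_size;
}

/* Unsigned alternative: wraparound is defined, so it can be tested for. */
bool record_in_bounds_u(size_t offset, size_t length, size_t buf_size) {
    size_t end = offset + length;
    if (end < offset)
        return false;                 /* sum wrapped past SIZE_MAX */
    return end <= buf_size;
}

int main(void) {
    int next = 0;
    /* Constructed inputs: a valid record, then two crafted to overflow. */
    printf("valid record:      %d\n", record_in_bounds(16, 32, 64));
    printf("crafted offset:    %d\n", record_in_bounds(INT_MAX, 1, 64));
    printf("index at INT_MAX:  %d\n", next_index_checked(INT_MAX, INT_MAX, &next));
    return 0;
}
```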