diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
--- shadow-4.1.4.2/src/faillog.c.overflow	2010-06-14 10:40:28.023030897 +0200
+++ shadow-4.1.4.2/src/faillog.c	2010-06-14 10:53:10.884034750 +0200
@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
 		return;
 	}
 
-	offset = pw->pw_uid * sizeof (fl);
-	if (offset <= (statbuf.st_size - sizeof (fl))) {
+	offset = (off_t) pw->pw_uid * sizeof (fl);
+	if (offset + sizeof (fl) <= statbuf.st_size) {
 		/* fseeko errors are not really relevant for us. */
 		int err = fseeko (fail, offset, SEEK_SET);
 		assert (0 == err);
@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid)
 	off_t offset;
 	struct faillog fl;
 
-	offset = uid * sizeof (fl);
-	if (offset <= (statbuf.st_size - sizeof (fl))) {
+	offset = (off_t) uid * sizeof (fl);
+	if (offset + sizeof (fl) <= statbuf.st_size) {
 		/* fseeko errors are not really relevant for us. */
 		int err = fseeko (fail, offset, SEEK_SET);
 		assert (0 == err);
@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m
 	struct faillog fl;
 
 	offset = (off_t) uid * sizeof (fl);
-	if (offset <= (statbuf.st_size - sizeof (fl))) {
+	if (offset + sizeof (fl) <= statbuf.st_size) {
 		/* fseeko errors are not really relevant for us. */
 		int err = fseeko (fail, offset, SEEK_SET);
 		assert (0 == err);
@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid,
 	struct faillog fl;
 
 	offset = (off_t) uid * sizeof (fl);
-	if (offset <= (statbuf.st_size - sizeof (fl))) {
+	if (offset + sizeof (fl) <= statbuf.st_size) {
 		/* fseeko errors are not really relevant for us. */
 		int err = fseeko (fail, offset, SEEK_SET);
 		assert (0 == err);