The current secp256k1_ecmult_wnaf needs the unstated and unchecked assumption that int has at least 32 value bits when it VERIFY_CHECKs that w <= 31. In practice, we call it only with WINDOW_A == 5 and WINDOW_G == ECMULT_WINDOW_SIZE where the latter is configurable in the range 2..24.
A consequence of this “bug” is that the code fails on a 16-bit platform if you set ECMULT_WINDOW_SIZE > 16. I don’t think we need to support this, but code without unchecked assumptions is bad. So I suggest that we rewrite the function to use int32_t instead of int even if we don’t use my macro approach. (We can keep the “bit position” arguments and variables int.)
Alternatively, we could add the assumption that INT_MAX >= INT32_MAX but this forbids 16-bit platforms, and the code seems to work on them in principle; see #792 (comment).
Originally posted by @real-or-random in #1761#pullrequestreview-3432695127