I have read the following vulnerability report in grep and the associated commit in which all the integer and unsigned integer are replaced by size_t.
I have a simple question: is replacing unsigned integer by size_tavoiding number overflow (or other type of attack? If it is why? (In fact I don't see what it changes because I believed that the definition of size_t was typedef unsigned int size_t;).
size_t may be typedef'ed to unsigned int on your system but this may not be true on other systems, particularly embedded (non-X86) systems. By ANSI standard, unsigned int can me as small as 16 bits.
size_t is defined on each system to be guaranteed to be large enough to give the size of any possible object on that system.
In the case of this vulnerability, I'm guessing that (unsigned int) -> (size_t) was not actually part of the fix, at least on X86 systems, but part of an associated clean-up to guarantee that no problems remain.
It's also just good programming practice.