summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBehdad Esfahbod <behdad@behdad.org>2017-09-11 22:00:00 -0700
committerBryce Harrington <bryce@osg.samsung.com>2017-12-04 16:21:33 -0800
commit5d5c5ee9c5479677de30aa8faff7ccd51b944b91 (patch)
tree9db0b223cd41831533ec0d0c6b37313456b315b2
parentea42e027d9abb3ba13cf8c63949a166797991daf (diff)
Fix undefined-behavior with integer math
As reported to me: "A calculation on signed integers has undefined behaviour if the result is not representable in the type. In this case, it's trying to negate int_min, aka -2^31 but the range of an int is [-2^31, 2^31-1] so it doesn't fit. Instead, cast to unsigned which has 2's complement wrap-around arithmetic which is what this particular function expects."
-rw-r--r--src/cairo-fixed-private.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cairo-fixed-private.h b/src/cairo-fixed-private.h
index 9ff8f7503..5f9ce684c 100644
--- a/src/cairo-fixed-private.h
+++ b/src/cairo-fixed-private.h
@@ -223,7 +223,7 @@ _cairo_fixed_integer_ceil (cairo_fixed_t f)
if (f > 0)
return ((f - 1)>>CAIRO_FIXED_FRAC_BITS) + 1;
else
- return - (-f >> CAIRO_FIXED_FRAC_BITS);
+ return - ((cairo_fixed_t)(-(cairo_fixed_unsigned_t)f) >> CAIRO_FIXED_FRAC_BITS);
}
/* A bunch of explicit 16.16 operators; we need these