From 5d5c5ee9c5479677de30aa8faff7ccd51b944b91 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Mon, 11 Sep 2017 22:00:00 -0700 Subject: Fix undefined-behavior with integer math As reported to me: "A calculation on signed integers has undefined behaviour if the result is not representable in the type. In this case, it's trying to negate int_min, aka -2^31 but the range of an int is [-2^31, 2^31-1] so it doesn't fit. Instead, cast to unsigned which has 2's complement wrap-around arithmetic which is what this particular function expects." --- src/cairo-fixed-private.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cairo-fixed-private.h b/src/cairo-fixed-private.h index 9ff8f7503..5f9ce684c 100644 --- a/src/cairo-fixed-private.h +++ b/src/cairo-fixed-private.h @@ -223,7 +223,7 @@ _cairo_fixed_integer_ceil (cairo_fixed_t f) if (f > 0) return ((f - 1)>>CAIRO_FIXED_FRAC_BITS) + 1; else - return - (-f >> CAIRO_FIXED_FRAC_BITS); + return - ((cairo_fixed_t)(-(cairo_fixed_unsigned_t)f) >> CAIRO_FIXED_FRAC_BITS); } /* A bunch of explicit 16.16 operators; we need these -- cgit v1.2.3