mp_binary_get_int: avoid undefined behavior

Left shift of negative numbers is undefined in the "C" standard.  Multiplying
by 256 has the intended effect (in the absence of integer overflow, anyway),
can be implemented using the same shift instruction, but does not invoke
undefined behavior.

This problem was found using clang 7's scan-build static analyzer.
Jeff Epler 2019-10-08 10:48:25 +09:00
parent 4eb11fbde6
commit 0d96f1906b

@ -184,7 +184,7 @@ long long mp_binary_get_int(mp_uint_t size, bool is_signed, bool big_endian, con
val = -1; val = -1;
} }
for (uint i = 0; i < size; i++) { for (uint i = 0; i < size; i++) {
val <<= 8; val *= 256;
val |= *src; val |= *src;
src += delta; src += delta;
} }
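Review bot: `val *= 256` in the loop still depends on the multiply not overflowing, which the commit message concedes, and nothing in this hunk bounds `size`. If `val` has the function's return type `long long` (assumed 64-bit here), an input with `size` greater than `sizeof(val)`, or an 8-byte unsigned value whose top bit is set, overflows in the multiply, and signed overflow is undefined just as the shift was. Consider accumulating into an unsigned type of the same width, where `<<= 8` is well defined, and converting to the signed result once after the loop, or checking `size <= sizeof(val)` before entering the loop. A short comment on the `val *= 256` line saying why it is not a shift would also keep a later cleanup from turning it back into `<<= 8`.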