mp_binary_get_int: avoid undefined behavior
Left shift of negative numbers is undefined in the "C" standard. Multiplying by 256 has the intended effect (in the absence of integer overflow, anyway), can be implemented using the same shift instruction, but does not invoke undefined behavior. This problem was found using clang 7's scan-build static analyzer.
This commit is contained in:
parent
4eb11fbde6
commit
0d96f1906b
@ -184,7 +184,7 @@ long long mp_binary_get_int(mp_uint_t size, bool is_signed, bool big_endian, con
|
|||||||
val = -1;
|
val = -1;
|
||||||
}
|
}
|
||||||
for (uint i = 0; i < size; i++) {
|
for (uint i = 0; i < size; i++) {
|
||||||
val <<= 8;
|
val *= 256;
|
||||||
val |= *src;
|
val |= *src;
|
||||||
src += delta;
|
src += delta;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user