From 9b85ffa5a760e53536762bf6cdf402c90ae9ceb7 Mon Sep 17 00:00:00 2001
From: Yukihiro Matsumoto
Date: Thu, 1 Nov 2012 05:54:53 +0900
Subject: OP_ADDI/OP_SUBI should handle integer overflow; close #518
---
 src/vm.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/vm.c b/src/vm.c
index 120e0d4c0..953863a0b 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1444,7 +1444,18 @@ mrb_run(mrb_state *mrb, struct RProc *proc, mrb_value self)
 /* need to check if + is overridden */
 switch (mrb_type(regs[a])) {
 case MRB_TT_FIXNUM:
- regs[a].attr_i += GETARG_C(i);
+ {
+ mrb_int x = regs[a].attr_i;
+ mrb_int y = GETARG_C(i);
+ mrb_int z = x + y;
+
+ if (((x < 0) ^ (y < 0)) == 0 && (x < 0) != (z < 0)) {
+ /* integer overflow */
+ SET_FLT_VALUE(regs[a], (mrb_float)x + (mrb_float)y);
+ break;
+ }
+ regs[a].attr_i = z;
+ }
 break;
 case MRB_TT_FLOAT:
 regs[a].attr_f += GETARG_C(i);
@@ -1464,7 +1475,18 @@ mrb_run(mrb_state *mrb, struct RProc *proc, mrb_value self)
 /* need to check if + is overridden */
 switch (mrb_type(regs[a])) {
 case MRB_TT_FIXNUM:
- regs[a].attr_i -= GETARG_C(i);
+ {
+ mrb_int x = regs[a].attr_i;
+ mrb_int y = GETARG_C(i);
+ mrb_int z = x - y;
+
+ if (((x < 0) ^ (y < 0)) == 0 && (x < 0) != (z < 0)) {
+ /* integer overflow */
+ SET_FLT_VALUE(regs[a], (mrb_float)x - (mrb_float)y);
+ break;
+ }
+ regs[a].attr_i = z;
+ }
 break;
 case MRB_TT_FLOAT:
 regs[a].attr_f -= GETARG_C(i);
--
cgit v1.2.3
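Review bot: In the fixnum branch of what appears to be the OP_ADDI case, `mrb_int z = x + y;` performs the signed addition before the sign test, so the overflow it is meant to catch has already happened; signed overflow is undefined behaviour in C, and an optimising compiler may assume it never occurs and drop the `(x < 0) != (z < 0)` test. The check should come before the add, for example `if (y > 0 ? x > MAX - y : x < MIN - y)` with MAX and MIN standing for the limits of mrb_int (placeholders; the hunk does not show which constants the tree defines), and `z` computed only on the non-overflow path. The same pattern, `mrb_int z = x - y;`, appears in the second hunk. A more specific comment than `/* integer overflow */`, such as `/* result does not fit in mrb_int: promote to float */`, would also explain the fallback. mrb_run's body starts and ends outside the hunk.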
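Review bot: The overflow condition in this subtraction case is the addition test copied unchanged, and `((x < 0) ^ (y < 0)) == 0` is the wrong precondition for `x - y`, because a difference can only overflow when x and y have different signs. As written, an ordinary input such as x = 3, y = 5 (same sign, z = -2) takes the overflow branch and stores a float, while a real overflow with x negative and y positive goes undetected. The condition should read `if (((x < 0) ^ (y < 0)) != 0 && (x < 0) != (z < 0)) {`. The context comment `/* need to check if + is overridden */` in this case presumably should name `-`. mrb_run's body starts and ends outside the hunk.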