From ef95dcd39093e0c3bb017a37fe0ff5a7158e91a7 Mon Sep 17 00:00:00 2001
From: murase_syuka <murase.syuka+github@gmail.com>
Date: Wed, 18 Nov 2015 21:37:17 +0900
Subject: Bugfix nagative-number lshift() bit overflow

---
 src/numeric.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'src/numeric.c')

diff --git a/src/numeric.c b/src/numeric.c
index e64cd2d8d..41820ff5c 100644
--- a/src/numeric.c
+++ b/src/numeric.c
@@ -821,15 +821,28 @@ static mrb_value
 lshift(mrb_state *mrb, mrb_int val, mrb_int width)
 {
   mrb_assert(width > 0);
-  if ((width > NUMERIC_SHIFT_WIDTH_MAX) ||
-      (val   > (MRB_INT_MAX >> width))) {
+  if (val > 0) {
+    if ((width > NUMERIC_SHIFT_WIDTH_MAX) ||
+        (val   > (MRB_INT_MAX >> width))) {
+      goto bit_overflow;
+    }
+  } else {
+    if ((width > NUMERIC_SHIFT_WIDTH_MAX) ||
+        (val   < (MRB_INT_MIN >> width))) {
+      goto bit_overflow;
+    }
+  }
+
+  return mrb_fixnum_value(val << width);
+
+bit_overflow:
+  {
     mrb_float f = (mrb_float)val;
     while (width--) {
       f *= 2;
     }
     return mrb_float_value(mrb, f);
   }
-  return mrb_fixnum_value(val << width);
 }
 
 static mrb_value
-- 
cgit v1.2.3