From 8e574a9e7433cb6f5b17a8cac8e66a54fc71a03f Mon Sep 17 00:00:00 2001
From: Yukihiro Matsumoto
Date: Wed, 13 Jun 2012 19:05:33 +0900
Subject: integer overflow in fixnum plus and minus
---
 src/numeric.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/numeric.c b/src/numeric.c
index 81933237e..746078fd9 100644
--- a/src/numeric.c
+++ b/src/numeric.c
@@ -1073,7 +1073,8 @@ mrb_fixnum_plus(mrb_state *mrb, mrb_value x, mrb_value y)
 b = mrb_fixnum(y);
 c = a + b;
- if (c - b != a) {
+ if (((a < 0) ^ (b < 0)) == 0 && (a < 0) != (c < 0)) {
+ /* integer overflow */
 return mrb_float_value((mrb_float)a + (mrb_float)b);
 }
 return mrb_fixnum_value(c);
@@ -1111,7 +1112,8 @@ mrb_fixnum_minus(mrb_state *mrb, mrb_value x, mrb_value y)
 b = mrb_fixnum(y);
 c = a - b;
- if (c + b != a) {
+ if (((a < 0) ^ (b < 0)) != 0 && (a < 0) != (c < 0)) {
+ /* integer overflow */
 return mrb_float_value((mrb_float)a - (mrb_float)b);
 }
 return mrb_fixnum_value(c);
-- 
cgit v1.2.3
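Review bot: In both `mrb_fixnum_plus` and `mrb_fixnum_minus` the new sign test still runs after `c = a + b` / `c = a - b` has been evaluated, so it inspects the result of a signed overflow, which is undefined behaviour in C if `mrb_int` is a signed type (its definition is outside the hunks). An optimising compiler may assume the overflow cannot happen and drop the branch, in which case a wrapped value would be returned through `mrb_fixnum_value(c)` instead of taking the float fallback. The check is safer done before the arithmetic, e.g. for plus `if ((b > 0 && a > MAX - b) || (b < 0 && a < MIN - b))` with MAX/MIN as placeholders for the limits of `mrb_int`, and the mirrored test for minus; on GCC/Clang `__builtin_add_overflow(a, b, &c)` and `__builtin_sub_overflow(a, b, &c)` express the same thing. Both function bodies start and end outside the hunks shown.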