From 9f377333825fe5ae00a6fa757da150bee5897b49 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Wed, 4 Aug 2021 12:05:09 +0900
Subject: numeric.c: fix a bug in left shift of negative integer.

`-1 * (1<<63)` causes overflow, but `-1<<63` is a valid value.
---
 src/numeric.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/numeric.c b/src/numeric.c
index dd06d8115..ded2880ff 100644
--- a/src/numeric.c
+++ b/src/numeric.c
@@ -1332,10 +1332,13 @@ mrb_num_shift(mrb_state *mrb, mrb_int val, mrb_int width, mrb_int *num)
 }
 else {
 if ((width > NUMERIC_SHIFT_WIDTH_MAX) ||
- (val <= (MRB_INT_MIN >> width))) {
+ (val < (MRB_INT_MIN >> width))) {
 return FALSE;
 }
- *num = val * ((mrb_int)1 << width);
+ if (width == NUMERIC_SHIFT_WIDTH_MAX)
+ *num = MRB_INT_MIN;
+ else
+ *num = val * ((mrb_int)1 << width);
 }
 return TRUE;
 }
-- 
cgit v1.2.3
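Review bot: The new `width == NUMERIC_SHIFT_WIDTH_MAX` arm stores `MRB_INT_MIN` without looking at `val`, so it is only correct if `val` is exactly -1 when it runs. The relaxed guard above admits every `val >= (MRB_INT_MIN >> width)`, which at the maximum width is -1 assuming an arithmetic right shift, so a zero `val` reaching this `else` branch would produce `MRB_INT_MIN` instead of 0. The branch condition and the callers that might rule zero out are outside the hunk, so either encode the case in the arm itself, `*num = (val == 0) ? 0 : MRB_INT_MIN;`, or state the invariant next to it with `/* val == -1 here; (mrb_int)1 << width would overflow */`. A short comment that the guard depends on `>>` of a negative `mrb_int` being an arithmetic shift (implementation-defined in C) would also help anyone porting this overflow check.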