fix another potential overflow in fixnum expt
This commit is a follow-up to e96d592735
. The bug fixed this time is
more subtle, because the overflowing computation is never used, but
that doesn't matter in terms of avoiding undefined behavior.
Thanks for Pascal Cuoq and John Regehr.
This commit is contained in:
parent
f22a895060
commit
ed007e0fa0
|
@ -3241,8 +3241,15 @@ static Scheme_Object *fixnum_expt(intptr_t x, intptr_t y)
|
|||
|| !(next_result / (uintptr_t)x == (uintptr_t)result)))
|
||||
return scheme_generic_integer_power(scheme_make_integer_value(orig_x),
|
||||
scheme_make_integer_value(orig_y));
|
||||
else
|
||||
else {
|
||||
result = (intptr_t)next_result;
|
||||
if (y == 1) {
|
||||
/* Don't allow another x * x, because it could overflow
|
||||
(and if it overflows, then a compiler is technically
|
||||
free to make it do anything at all): */
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
y = y >> 1;
|
||||
x = x * x;
|
||||
|
|
Loading…
Reference in New Issue
Block a user