fix another potential overflow in fixnum expt

This commit is a follow-up to e96d592735. The bug fixed this time is
more subtle, because the overflowing computation is never used, but
that doesn't matter in terms of avoiding undefined behavior.

Thanks to Pascal Cuoq and John Regehr.
Matthew Flatt 2014-01-29 16:23:31 -07:00
parent f22a895060
commit ed007e0fa0

@ -3241,8 +3241,15 @@ static Scheme_Object *fixnum_expt(intptr_t x, intptr_t y)
|| !(next_result / (uintptr_t)x == (uintptr_t)result)))
return scheme_generic_integer_power(scheme_make_integer_value(orig_x),
scheme_make_integer_value(orig_y));
else
else {
result = (intptr_t)next_result;
if (y == 1) {
/* Don't allow another x * x, because it could overflow
(and if it overflows, then a compiler is technically
free to make it do anything at all): */
break;
}
}
}
y = y >> 1;
x = x * x;
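
Review bot: the new `y == 1` guard removes only the last `x = x * x`; for `y > 1` the squaring at the bottom of the loop is still a signed `intptr_t` multiplication, and nothing in this hunk shows what keeps `x` in range there. The added comment should name the earlier check that bounds `x` when `y > 1`, or the squaring could be computed in `uintptr_t` and range-checked the way `next_result` is, so the absence of undefined behavior does not rest on code outside the lines being read. The `break` also relies on sitting inside the odd-bit branch (where `y == 1` is always handled); a short note to that effect would stop a later refactor from moving it somewhere the final `result` assignment has not yet happened.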