From: Lucian Grijincu <lucian@fb.com>
Date: Tue, 10 May 2016 04:16:26 +0000 (-0700)
Subject: folly: ubsan: cast to unsigned to avoid negative-left-shift
X-Git-Tag: 2016.07.26~256
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6c4dfb8a63e86a819e08d1122e9dc0843ace0879;p=folly.git

folly: ubsan: cast to unsigned to avoid negative-left-shift

Summary:
The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
  bits are filled with zeros.

  If E1 has a signed type and non-negative value, and E1 × 2E2 is
  representable in the result type, then that is the resulting value;
  otherwise, the behavior is undefined.

The code assumed the signed left shift worked like an unsigned left
shift, so make that explicit.

Reviewed By: meyering

Differential Revision: D3280325

fbshipit-source-id: 178b95ee36b7a1126a79bb825c2ad2ffa6fa9464
---

diff --git a/folly/Varint.h b/folly/Varint.h
index d2e661eb..e4af0c19 100644
--- a/folly/Varint.h
+++ b/folly/Varint.h
@@ -71,7 +71,8 @@ uint64_t decodeVarint(Range<T*>& data);
 inline uint64_t encodeZigZag(int64_t val) {
   // Bit-twiddling magic stolen from the Google protocol buffer document;
   // val >> 63 is an arithmetic shift because val is signed
-  return static_cast<uint64_t>((val << 1) ^ (val >> 63));
+  auto uval = static_cast<uint64_t>(val);
+  return static_cast<uint64_t>((uval << 1) ^ (val >> 63));
 }
 
 inline int64_t decodeZigZag(uint64_t val) {