From dfd4c084f914539e605a1e34e7b3510dcd45f336 Mon Sep 17 00:00:00 2001
From: Samuel Grayson <sam@samgrayson.me>
Date: Thu, 17 Oct 2019 13:15:57 -0500
Subject: ext: Fix undefined-behavior bug in bitshift

If a small number or zero is passed in, fp64_exp could be very
negative (-1000 for example). The intent of the line is to evaluate to
zero in these cases, but what it actually did was bitshift right by
1000, which is undefined behavior (according to ubsan) that so happens
to result in 0 on GCC/most architectures. This commit changes the code
to check for cases where the bitshift is larger than the width of the
integer.

Change-Id: I8de4bd8ad170f0321d54689460de449b7f8fb60a
Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/21859
Reviewed-by: Andreas Sandberg <andreas.sandberg@arm.com>
Maintainer: Andreas Sandberg <andreas.sandberg@arm.com>
Tested-by: kokoro <noreply+kokoro@google.com>
---
 ext/fputils/fp80.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ext/fputils/fp80.c b/ext/fputils/fp80.c
index 6ba890480..05acfd91a 100644
--- a/ext/fputils/fp80.c
+++ b/ext/fputils/fp80.c
@@ -162,7 +162,10 @@ fp80_cvtfp64(fp80_t fp80)
              * as normals */
             return build_fp64(sign, fp64_frac, fp64_exp);
         } else if (fp64_exp <= 0) {
-            uint64_t fp64_denormal_frac = fp64_frac >> (-fp64_exp);
+            uint64_t fp64_denormal_frac = -64 < fp64_exp
+                // -64 < fp_exp <= 0, so safe to bitshift by -fp_exp
+                ? fp64_frac >> (-fp64_exp)
+                : 0;
             /* Generate a denormal or zero */
             return build_fp64(sign, fp64_denormal_frac, 0);
         } else {
-- 
cgit v1.2.3