| Summary: | wtf/text/IntegerToStringConversion.h:54:104: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> | ||||||||
| Component: | Web Template Framework | Assignee: | Chris Dumez <cdumez> | ||||||||
| Status: | RESOLVED FIXED | ||||||||||
| Severity: | Normal | CC: | benjamin, cmarcelo, darin, ddkilzer, ews-watchlist, ggaren, sam, webkit-bug-importer | ||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||
| Version: | WebKit Nightly Build | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=176131 | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Chris Dumez
2021-03-22 17:16:10 PDT
Created attachment 423967 [details]
Patch
Created attachment 423972 [details]
Patch
Created attachment 424020 [details]
Patch
Comment on attachment 424020 [details]
Patch
I understand how this quiets the undefined behavior sanitizer, but I am sort of surprised that this actually avoids undefined behavior. I am surprised that the unary minus operation is defined so usefully on unsigned types.
(In reply to Darin Adler from comment #4) > Comment on attachment 424020 [details] > Patch > > I understand how this quiets the undefined behavior sanitizer, but I am sort > of surprised that this actually avoids undefined behavior. I am surprised > that the unary minus operation is defined so usefully on unsigned types. I followed the advice from UBSan: "cast to an unsigned type to negate this value to itself". Committed r274878: <https://commits.webkit.org/r274878> All reviewed patches have been landed. Closing bug and clearing flags on attachment 424020 [details]. |