Avoid integer overflow in DFGStrengthReduction.cpp
authorrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Oct 2017 16:33:42 +0000 (16:33 +0000)
committerrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Oct 2017 16:33:42 +0000 (16:33 +0000)
commite7fcc4275aec0f11eb7ed59a5ba76ef1db705bbe
tree3dae30db206ef3b077f088f45ed0b715d98aa8cb
parent0fdbfbba99e3f4bf7c3aa178faab6fcad075c68f
Avoid integer overflow in DFGStrengthReduction.cpp
https://bugs.webkit.org/show_bug.cgi?id=177944

Reviewed by Saam Barati.

The check that we won't do integer overflow by negating INT32_MIN was itself an integer overflow.
I think that signed integer overflow is undefined behaviour in C, so I replace it by an explicit check that value != INT32_MIN instead.

* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222981 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp