Check leading zeros before left shift Use the __builtin_clz* functions based on the size of the integer. Test: aidl_parser_fuzzer test/corpus/shift_left_gt_leading_zeros Bug: 169249147 Change-Id: Ie41ab65b888b0d53643e9c075dd426e1a0b3a3d9

commit: cff936956d0efccfa1bea22a915e1b8b4aeadd90 [log] [tgz]
author: Devin Moore <devinmoore@google.com> Thu Sep 24 10:39:57 2020 -0700
committer: Devin Moore <devinmoore@google.com> Thu Sep 24 23:10:05 2020 +0000
tree: 515647ab7b9736c400b04f56580364a69b7a81d5
parent: fc3b108169d8b89089c8b3caa923528515f732d8 [diff] [blame]
diff --git a/aidl_const_expressions.cpp b/aidl_const_expressions.cpp
index deedace..cb5566b 100644
--- a/aidl_const_expressions.cpp
+++ b/aidl_const_expressions.cpp

@@ -37,6 +37,11 @@
 using std::vector;
 
 template <typename T>
+constexpr int CLZ(T x) {
+  return (sizeof(T) == sizeof(uint64_t)) ? __builtin_clzl(x) : __builtin_clz(x);
+}
+
+template <typename T>
 class OverflowGuard {
  public:
   OverflowGuard(T value) : mValue(value) {}
@@ -108,7 +113,7 @@
     return mValue >> o;
   }
   T operator<<(T o) {
-    if (o < 0 || o > static_cast<T>(sizeof(T) * 8) || mValue < 0) {
+    if (o < 0 || mValue < 0 || o > CLZ(mValue)) {
       mOverflowed = true;
       return 0;
     }
commit	cff936956d0efccfa1bea22a915e1b8b4aeadd90	[log] [tgz]
author	Devin Moore <devinmoore@google.com>	Thu Sep 24 10:39:57 2020 -0700
committer	Devin Moore <devinmoore@google.com>	Thu Sep 24 23:10:05 2020 +0000
tree	515647ab7b9736c400b04f56580364a69b7a81d5
parent	fc3b108169d8b89089c8b3caa923528515f732d8 [diff] [blame]