From bda1272fb52f645d13c5b07eb85577b72e93d531 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Thu, 20 Apr 2017 21:10:55 -0700
Subject: Bugfix: ash: right shifts of fixnums broken.

* arith.c (ash): The bn <= num_bits comparison
here is always true because bn < 0, leading
to undefined behavior when bn is sufficiently
negative, due to the shift being as wide or
wider than the number of bits in a cnum.
---
 arith.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arith.c b/arith.c
index d22adb9b..e9ecdf54 100644
--- a/arith.c
+++ b/arith.c
@@ -2432,9 +2432,10 @@ val ash(val a, val bits)
   } else {
     switch (type(a)) {
     case NUM:
+      bn = -bn;
       an = c_num(a);
       if (bn <= num_bits)
-        return num_fast(an >> -bn);
+        return num_fast(an >> bn);
       return num_fast(an >> num_bits);
     case BGNUM:
       b = make_bignum();
-- 
cgit v1.2.3