Assert if a shift amount is negative

Shifting by a negative amount has an undefined behavior. A shift amount must not be negative. It fixes the Coverity issues: 449477 and 913889. Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
oneapi-src · Aug 9, 2023 · 84852c3 · 84852c3
1 parent 32d5ec1
commit 84852c3
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/tbbmalloc/large_objects.h b/src/tbbmalloc/large_objects.h
@@ -88,8 +88,10 @@ struct HugeBinStructureProps {
     static int sizeToIdx(size_t size) {
         MALLOC_ASSERT(MinSize <= size && size <= MaxSize, ASSERT_TEXT);
         int sizeExp = (int)BitScanRev(size); // same as __TBB_Log2
+        MALLOC_ASSERT(sizeExp >= 0, "A shift amount (sizeExp) must not be negative");
         size_t majorStepSize = 1ULL << sizeExp;
         int minorStepExp = sizeExp - StepFactorExp;
+        MALLOC_ASSERT(minorStepExp >= 0, "A shift amount (minorStepExp) must not be negative");
         int minorIdx = (size - majorStepSize) >> minorStepExp;
         MALLOC_ASSERT(size == majorStepSize + ((size_t)minorIdx << minorStepExp),
             "Size is not aligned on the bin");