folly: ubsan: cast to unsigned to avoid negative-left-shift

Summary:
The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
  bits are filled with zeros.

  If E1 has a signed type and non-negative value, and E1 × 2E2 is
  representable in the result type, then that is the resulting value;
  otherwise, the behavior is undefined.

The code assumed the signed left shift worked like an unsigned left
shift, so make that explicit.

Reviewed By: meyering

Differential Revision: D3280325

fbshipit-source-id: 178b95ee36b7a1126a79bb825c2ad2ffa6fa9464

diff --git a/folly/Varint.h b/folly/Varint.h
index d2e661eb7bf498fcffcedf5d5c1ed07034362926..e4af0c19000a02697f0d5aee3ad1711ff44791fb 100644 (file)
--- a/folly/Varint.h
+++ b/folly/Varint.h
@@ -71,7 +71,8 @@ uint64_t decodeVarint(Range<T*>& data);
 inline uint64_t encodeZigZag(int64_t val) {
   // Bit-twiddling magic stolen from the Google protocol buffer document;
   // val >> 63 is an arithmetic shift because val is signed
-  return static_cast<uint64_t>((val << 1) ^ (val >> 63));
+  auto uval = static_cast<uint64_t>(val);
+  return static_cast<uint64_t>((uval << 1) ^ (val >> 63));
 }
 
 inline int64_t decodeZigZag(uint64_t val) {