From f18e1281886b5300c62ad362d77aaecd32c0b1d3 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Mon, 14 Feb 2022 07:28:09 -0800
Subject: random: shift bug uncovered by ubsan.
* rand.c (random): When calculating the msb_rand_mask, avoid shifting a 32 bit value by 32 bits. In that case we want the mask to be 0xFFFFFFFF, so we shift by zero.
---
rand.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rand.c b/rand.c
index 3e676ff1..934f62a8 100644
--- a/rand.c
+++ b/rand.c
@@ -366,7 +366,9 @@ val random(val state, val modulus)
   ucnum bits = mp_count_bits(m) - mp_is_pow_two(m);
   ucnum rands_needed = (bits + 32 - 1) / 32;
   ucnum msb_rand_bits = bits % 32;
-  rand32_t msb_rand_mask = convert(rand32_t, -1) >> (32 - msb_rand_bits);
+  rand32_t msb_rand_mask = convert(rand32_t, -1) >> (msb_rand_bits
+                                                      ? 32 - msb_rand_bits
+                                                      : 0);
   val out = make_bignum();
   mp_int *om = mp(out);
-- 
cgit v1.2.3
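Review bot: The corrected shift at the `msb_rand_mask` line still silently assumes rand32_t is exactly 32 bits wide; if it were a wider type (the typedef is not visible here), the `: 0` branch would leave more than 32 bits set and the mask applied to the top word would be too permissive, which matters for a modulus reduction in a random-number routine. A comment would make the invariant explicit for the next reader, e.g. `/* bits % 32 == 0 means the top word is fully used: shift by 0, never by 32 (UB on a 32-bit type) */`, and if the project has a static-assert facility a `sizeof(rand32_t) == 4` check next to the typedef would pin the assumption down. The function `random` starts before this hunk and continues past it, so how `msb_rand_mask` is consumed cannot be checked from here.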