From 744f6fcc8f2bc8aec4f079eff4d0d642e171b4d9 Mon Sep 17 00:00:00 2001
From: Syoyo Fujita <syoyo@lighttransport.com>
Date: Fri, 9 Jan 2026 07:50:28 +0900
Subject: [PATCH] Fix undefined behavior in parse_int and add UBSan build
 script

Fix signed integer overflow when parsing INT_MIN (-2147483648) by
negating in int64_t space before casting to int32_t. The previous
code attempted to negate the result after casting, which is undefined
behavior for INT_MIN.

Also add bootstrap-cmake-linux-ubsan.sh for UBSan builds.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 scripts/bootstrap-cmake-linux-ubsan.sh | 12 ++++++++++++
 src/tiny-string.cc                     |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100755 scripts/bootstrap-cmake-linux-ubsan.sh

diff --git a/scripts/bootstrap-cmake-linux-ubsan.sh b/scripts/bootstrap-cmake-linux-ubsan.sh
new file mode 100755
index 00000000..64a05e96
--- /dev/null
+++ b/scripts/bootstrap-cmake-linux-ubsan.sh
@@ -0,0 +1,12 @@
+curdir=`pwd`
+
+builddir=${curdir}/build_ubsan
+
+rm -rf ${builddir}
+mkdir ${builddir}
+
+cd ${builddir} && CXX=clang++ CC=clang cmake \
+  -DSANITIZE_UNDEFINED=1 \
+  -DCMAKE_VERBOSE_MAKEFILE=1 \
+  ..
+
diff --git a/src/tiny-string.cc b/src/tiny-string.cc
index 9d9775bf..34ef54e6 100644
--- a/src/tiny-string.cc
+++ b/src/tiny-string.cc
@@ -369,7 +369,7 @@ bool parse_int(const tstring_view &sv, int32_t *ret) {
     }
   }
   
-  *ret = negative ? -static_cast<int32_t>(result) : static_cast<int32_t>(result);
+  *ret = static_cast<int32_t>(negative ? -result : result);
   return true;
 }