From a6ab5e9abed70cdedf9f4e9c1dc379eb762ebf64 Mon Sep 17 00:00:00 2001
From: batizdaniel <daniel.batiz@h-lab.eu>
Date: Thu, 23 Dec 2021 11:33:21 +0100
Subject: [PATCH] Fix runtime error: left shift (#4912)

This patch fixes #4703
This patch fixes #4702

JerryScript-DCO-1.0-Signed-off-by: Daniel Batiz daniel.batiz@h-lab.eu
---
 jerry-core/ecma/base/ecma-helpers-number.c |  6 ++++--
 jerry-core/vm/vm.c                         |  3 ++-
 tests/jerry/shift.js                       | 12 ++++++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/jerry-core/ecma/base/ecma-helpers-number.c b/jerry-core/ecma/base/ecma-helpers-number.c
index 306e5d1caf..ad11be1fd9 100644
--- a/jerry-core/ecma/base/ecma-helpers-number.c
+++ b/jerry-core/ecma/base/ecma-helpers-number.c
@@ -414,13 +414,15 @@ ecma_integer_multiply (ecma_integer_value_t left_integer, /**< left operand */
   if (JERRY_UNLIKELY ((left_integer & (left_integer - 1)) == 0))
   {
     /* Right shift right_integer with log2 (left_integer) */
-    return ecma_make_integer_value (right_integer << (__builtin_ctz ((unsigned int) left_integer)));
+    return ecma_make_integer_value (
+      (int32_t) ((uint32_t) right_integer << (__builtin_ctz ((unsigned int) left_integer))));
   }
 
   if (JERRY_UNLIKELY ((right_integer & (right_integer - 1)) == 0))
   {
     /* Right shift left_integer with log2 (right_integer) */
-    return ecma_make_integer_value (left_integer << (__builtin_ctz ((unsigned int) right_integer)));
+    return ecma_make_integer_value (
+      (int32_t) ((uint32_t) left_integer << (__builtin_ctz ((unsigned int) right_integer))));
   }
 #endif /* defined (__GNUC__) || defined (__clang__) */
 
diff --git a/jerry-core/vm/vm.c b/jerry-core/vm/vm.c
index 33f1e0081a..95b5840dd2 100644
--- a/jerry-core/vm/vm.c
+++ b/jerry-core/vm/vm.c
@@ -3765,7 +3765,8 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
           {
             ecma_integer_value_t left_integer = ecma_get_integer_from_value (left_value);
             ecma_integer_value_t right_integer = ecma_get_integer_from_value (right_value);
-            *stack_top_p++ = ecma_make_int32_value ((int32_t) (left_integer << (right_integer & 0x1f)));
+
+            *stack_top_p++ = ecma_make_int32_value ((int32_t) ((uint32_t) left_integer << (right_integer & 0x1f)));
             continue;
           }
 
diff --git a/tests/jerry/shift.js b/tests/jerry/shift.js
index 442a602923..74f5cd8840 100644
--- a/tests/jerry/shift.js
+++ b/tests/jerry/shift.js
@@ -14,6 +14,18 @@
 
 assert((9 << 2) === 36);
 assert((14 << 2) === 56);
+assert((0 << 0) === 0);
+assert((0 << 1) === 0);
+assert((0 << -1) === 0);
+assert((1 << 0) === 1);
+assert((1 << 1) === 2);
+assert((-1 << 0) === -1);
+assert((-1 << 1) === -2);
+assert((1024 << 21) === -2147483648);
+assert((10 << -1) === 0);
+assert((33554431 << 22) === -4194304);
+assert((-1024 << 31) === 0);
+assert((1024 << 53) === -2147483648);
 
 assert((9 >> 2) === 2);
 assert((-14 >> 2) === -4);