Make sure this works properly under uncommon integer overflow rules

While every tool I've ever heard of will implement this operation correctly, it's technically signed overflow and thus undefined behavior. Surprisingly, ubsan doesn't catch it...
aaaaaa123456789 · Jan 31, 2022 · 309edf0 · 309edf0
1 parent 223b896
commit 309edf0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/inline.h b/src/inline.h
@@ -112,7 +112,7 @@ static inline uint64_t color_from_floats (double red, double green, double blue,
 
 static inline int16_t make_signed_16 (uint16_t value) {
   // this is a no-op (since int16_t must use two's complement), but it's necessary to avoid undefined behavior
-  return (value >= 0x8000u) ? -(int16_t) (~value) - 1 : value;
+  return (value >= 0x8000u) ? -(int16_t) bitnegate(value) - 1 : value;
 }
 
 static inline unsigned bit_width (uintmax_t value) {