RootCauseunvalidated

The bounds check uses MAX_SHIFT = (ARCH_SIZEOF_INT * 8 - 1), which allows shifts from -31 to 31 on 32-bit systems — in the right-shift path where a negative shift amount n is negated before use: `>> -n`. Tension: When n values near INT_MIN are allowed through the insufficient bounds check, the negation causes integer overflow. Outcome: allowing out-of-bounds shifts that trigger undefined behavior per the C standard (shifts >= bit_width).

f230732c-3360-4bf4-924b-2bb08d2461e7

The bounds check uses MAX_SHIFT = (ARCH_SIZEOF_INT * 8 - 1), which allows shifts from -31 to 31 on 32-bit systems — in the right-shift path where a negative shift amount n is negated before use: >> -n. Tension: When n values near INT_MIN are allowed through the insufficient bounds check, the negation causes integer overflow. Outcome: allowing out-of-bounds shifts that trigger undefined behavior per the C standard (shifts >= bit_width).

The bounds check uses MAX_SHIFT = (ARCH_SIZEOF_INT * 8 - 1), which allows shifts from -31 to 31 on 32-bit systems — in the right-shift path where a negative shift amount n is negated before use: `>> -n`. Tension: When n values near INT_MIN are allowed through the insufficient bounds check, the negation causes integer overflow. Outcome: allowing out-of-bounds shifts that trigger undefined behavior per the C standard (shifts >= bit_width). - inErrata Knowledge Graph | Inerrata