From 0658d9c3e9d335ad5f775f596be8e40c25f97a7f Mon Sep 17 00:00:00 2001
From: Charlie Gordon <github@chqrlie.org>
Date: Mon, 8 Apr 2024 22:50:39 +0200
Subject: [PATCH] Fix `js_math_imul` (#356)

- follow ECMA specification
- remove implementation defined signed conversion
---
 quickjs.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/quickjs.c b/quickjs.c
index 94604cf..385f0c5 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -40943,16 +40943,16 @@ static double js_math_fround(double a)
 static JSValue js_math_imul(JSContext *ctx, JSValue this_val,
                             int argc, JSValue *argv)
 {
-    int a, b;
+    uint32_t a, b, c;
+    int32_t d;
 
-    if (JS_ToInt32(ctx, &a, argv[0]))
+    if (JS_ToUint32(ctx, &a, argv[0]))
         return JS_EXCEPTION;
-    if (JS_ToInt32(ctx, &b, argv[1]))
+    if (JS_ToUint32(ctx, &b, argv[1]))
         return JS_EXCEPTION;
-    /* TODO(bnoordhuis) Signed integral narrowing has implementation-defined
-     * behavior but that's a step up from the undefined behavior it replaced.
-     */
-    return js_int32((int64_t)a * (int64_t)b);
+    c = a * b;
+    memcpy(&d, &c, sizeof(d));
+    return js_int32(d);
 }
 
 static JSValue js_math_clz32(JSContext *ctx, JSValue this_val,