From 23fe87612aa0e2ebcd55369d4075316b316ae8e1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 16:48:50 +0000
Subject: [PATCH] Fix undefined behavior when negating SMALL_INT_MIN in
 power_of_two_multiple

Co-authored-by: nunoplopes <2998477+nunoplopes@users.noreply.github.com>
---
 src/util/mpz.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/util/mpz.cpp b/src/util/mpz.cpp
index 49469b4ce..5a1e77caf 100644
--- a/src/util/mpz.cpp
+++ b/src/util/mpz.cpp
@@ -2273,7 +2273,16 @@ unsigned mpz_manager<SYNCH>::power_of_two_multiple(mpz const & a) {
         if (val == 0) return 0;
         
         // Work with absolute value for counting trailing zeros
-        uint64_t v = (val < 0) ? static_cast<uint64_t>(-val) : static_cast<uint64_t>(val);
+        // Handle SMALL_INT_MIN specially to avoid overflow
+        uint64_t v;
+        if (val == mpz::SMALL_INT_MIN) {
+            // SMALL_INT_MIN = -2^(SMALL_BITS-1), so it has (SMALL_BITS-1) trailing zeros
+            return mpz::SMALL_BITS - 1;
+        } else if (val < 0) {
+            v = static_cast<uint64_t>(-val);
+        } else {
+            v = static_cast<uint64_t>(val);
+        }
         
         if ((v & 0xFFFFFFFF) == 0) {
             r += 32;