From 1b97cf8d89adfb739f76a6352dc2627025d92c67 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Thu, 4 Jun 2026 15:31:08 +0200
Subject: [PATCH] ubsan fixes

---
 tinyexpr.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tinyexpr.c b/tinyexpr.c
index 176e8d0..014da6f 100755
--- a/tinyexpr.c
+++ b/tinyexpr.c
@@ -87,7 +87,8 @@ typedef struct state {
 static te_expr *new_expr(const int type, const te_expr *parameters[]) {
     const int arity = ARITY(type);
     const int psize = sizeof(void*) * arity;
-    const int size = (sizeof(te_expr) - sizeof(void*)) + psize + (IS_CLOSURE(type) ? sizeof(void*) : 0);
+    int size = (sizeof(te_expr) - sizeof(void*)) + psize + (IS_CLOSURE(type) ? sizeof(void*) : 0);
+    if (size < (int)sizeof(te_expr)) size = sizeof(te_expr);
     te_expr *ret = malloc(size);
     CHECK_NULL(ret);
 
@@ -125,7 +126,7 @@ void te_free(te_expr *n) {
 static double pi(void) {return 3.14159265358979323846;}
 static double e(void) {return 2.71828182845904523536;}
 static double fac(double a) {/* simplest version of fac */
-    if (a < 0.0)
+    if (!(a >= 0.0))
         return NAN;
     if (a > UINT_MAX)
         return INFINITY;
@@ -139,7 +140,7 @@ static double fac(double a) {/* simplest version of fac */
     return (double)result;
 }
 static double ncr(double n, double r) {
-    if (n < 0.0 || r < 0.0 || n < r) return NAN;
+    if (!(n >= 0.0) || !(r >= 0.0) || n < r) return NAN;
     if (n > UINT_MAX || r > UINT_MAX) return INFINITY;
     unsigned long int un = (unsigned int)(n), ur = (unsigned int)(r), i;
     unsigned long int result = 1;