Fix UBSAN failure caused by left-shift of negative number

.github/codeql-queries/exiv2-cpp-queries/signed_shift.ql

@@ -0,0 +1,24 @@
+/**
+ * @name Signed shift
+ * @description Shifting a negative number is undefined behavior,
+ *              so it is risky to shift a signed number.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/signed-shift
+ * @tags security
+ *       external/cwe/cwe-758
+ */
+
+// See the "Bitwise shift operators" section here:
+// https://en.cppreference.com/w/cpp/language/operator_arithmetic
+import cpp
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+from BinaryBitwiseOperation shift, Expr lhs
+where
+  (shift instanceof LShiftExpr or shift instanceof RShiftExpr) and
+  lhs = shift.getLeftOperand().getFullyConverted() and
+  lowerBound(lhs) < 0
+select shift,
+  "This signed shift could cause undefined behavior if the value is negative. Type of lhs: " +
+    lhs.getType().toString()

src/pentaxmn_int.cpp

@@ -1036,7 +1036,7 @@ namespace Exiv2 {
     std::ostream& PentaxMakerNote::printDate(std::ostream& os, const Value& value, const ExifData*)
     {
         /* I choose same format as is used inside EXIF itself */
-        os << ((value.toLong(0) << 8) + value.toLong(1));
+        os << ((static_cast<uint64_t>(value.toLong(0)) << 8) + value.toLong(1));
         os << ":";
         os << std::setw(2) << std::setfill('0') << value.toLong(2);
         os << ":";

tests/bugfixes/github/test_issue_1920.py

@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors
+
+class PentaxMakerNotePrintTimeSignedLeftShift(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/issues/1920
+    """
+    url = "https://github.com/Exiv2/exiv2/issues/1920"
+
+    filename = path("$data_path/issue_1920_poc.tiff")
+    commands = ["$exiv2 -q -Pt $filename"]
+    stderr = [""]
+    retval = [0]
+
+    compare_stdout = check_no_ASAN_UBSAN_errors