mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-22 17:24:48 -05:00
Code Issues Projects Releases Packages Wiki Activity

LibCrypto: Protect the SignedBigInteger ctor against integer overflow

Browse source 
In particular, if given a value of -2147483648, we would invoke signed
integer overflow (which is UB).
This commit is contained in:
Timothy Flynn 2024-12-19 16:29:40 -05:00 committed by Jelle Raaijmakers
parent 540c840755
commit edd3b14ddf
Notes: github-actions[bot] 2024-12-19 22:38:27 +00:00 
Author: https://github.com/trflynn89
Commit: https://github.com/LadybirdBrowser/ladybird/commit/edd3b14ddf0
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2981
Reviewed-by: https://github.com/gmta
2 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Libraries/LibCrypto/BigInt/SignedBigInteger.h
View file

@ -21,7 +21,7 @@ public:
requires(sizeof(T) <= sizeof(i32)) requires(sizeof(T) <= sizeof(i32))
SignedBigInteger(T value) SignedBigInteger(T value)
: m_sign(value < 0) : m_sign(value < 0)
, m_unsigned_data(abs(static_cast<i32>(value))) , m_unsigned_data(static_cast<u32>(abs(static_cast<i64>(value))))
{ {
} }

11
Tests/LibCrypto/TestBigInteger.cpp
View file

@ -698,6 +698,17 @@ TEST_CASE(test_negative_zero_is_not_allowed)
EXPECT(!zero.is_negative()); EXPECT(!zero.is_negative());
} }
TEST_CASE(test_i32_limits)
{
Crypto::SignedBigInteger min { AK::NumericLimits<i32>::min() };
EXPECT(min.is_negative());
EXPECT(min.unsigned_value().to_u64() == static_cast<u32>(AK::NumericLimits<i32>::max()) + 1);
Crypto::SignedBigInteger max { AK::NumericLimits<i32>::max() };
EXPECT(!max.is_negative());
EXPECT(max.unsigned_value().to_u64() == AK::NumericLimits<i32>::max());
}
TEST_CASE(double_comparisons) TEST_CASE(double_comparisons)
{ {
#define EXPECT_LESS_THAN(bigint, double_value) EXPECT_EQ(bigint.compare_to_double(double_value), Crypto::UnsignedBigInteger::CompareResult::DoubleGreaterThanBigInt) #define EXPECT_LESS_THAN(bigint, double_value) EXPECT_EQ(bigint.compare_to_double(double_value), Crypto::UnsignedBigInteger::CompareResult::DoubleGreaterThanBigInt)