LibCrypto: Protect the SignedBigInteger ctor against integer overflow

In particular, if given a value of -2147483648, we would invoke signed integer overflow (which is UB).
Author: https://github.com/trflynn89 Commit: https://github.com/LadybirdBrowser/ladybird/commit/edd3b14ddf0 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2981 Reviewed-by: https://github.com/gmta ✅
2025-01-22 09:12:13 -05:00 · 2024-12-19 16:29:40 -05:00 · 2024-12-19 16:29:40 -05:00 · edd3b14ddf · 2024-12-19 22:38:27 +00:00
commit edd3b14ddf
parent 540c840755
2 changed files with 12 additions and 1 deletions
--- a/Libraries/LibCrypto/BigInt/SignedBigInteger.h
+++ b/Libraries/LibCrypto/BigInt/SignedBigInteger.h
@ -21,7 +21,7 @@ public:
    requires(sizeof(T) <= sizeof(i32))
    SignedBigInteger(T value)
        : m_sign(value < 0)
-        , m_unsigned_data(abs(static_cast<i32>(value)))
+        , m_unsigned_data(static_cast<u32>(abs(static_cast<i64>(value))))
    {
    }

--- a/Tests/LibCrypto/TestBigInteger.cpp
+++ b/Tests/LibCrypto/TestBigInteger.cpp
@ -698,6 +698,17 @@ TEST_CASE(test_negative_zero_is_not_allowed)
    EXPECT(!zero.is_negative());
 }

+TEST_CASE(test_i32_limits)
+{
+    Crypto::SignedBigInteger min { AK::NumericLimits<i32>::min() };
+    EXPECT(min.is_negative());
+    EXPECT(min.unsigned_value().to_u64() == static_cast<u32>(AK::NumericLimits<i32>::max()) + 1);
+
+    Crypto::SignedBigInteger max { AK::NumericLimits<i32>::max() };
+    EXPECT(!max.is_negative());
+    EXPECT(max.unsigned_value().to_u64() == AK::NumericLimits<i32>::max());
+}
+
 TEST_CASE(double_comparisons)
 {
 #define EXPECT_LESS_THAN(bigint, double_value) EXPECT_EQ(bigint.compare_to_double(double_value), Crypto::UnsignedBigInteger::CompareResult::DoubleGreaterThanBigInt)