system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-22 02:26:11 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

AK: Always check shift amount in LEB128 read functions

Browse source 
Even shifting 0 by more than the value size is UB.
This commit is contained in:
kleines Filmröllchen 2022-07-08 23:27:24 +02:00 committed by Ali Mohammad Pur
parent cefc931347
commit 41b2d37e8a
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
AK/LEB128.h
View file

@ -36,7 +36,7 @@ struct LEB128 {
return false;
ValueType masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 > sizeof(ValueType) * 8) && (masked_byte != 0);
bool const shift_too_large_for_result = num_bytes * 7 > sizeof(ValueType) * 8;
if (shift_too_large_for_result)
return false;
@ -83,7 +83,7 @@ struct LEB128 {
// note: 64 bit assumptions!
u64 masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 >= 64) && (masked_byte != ((temp < 0) ? 0x7Fu : 0u));
bool const shift_too_large_for_result = num_bytes * 7 >= 64;
if (shift_too_large_for_result)
return false;