system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-21 10:05:32 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

LibCrypto+LibJS: Fix broken subtraction of two negative signed bigints

Browse source 
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29326
This commit is contained in:
Andreas Kling 2021-01-07 08:51:52 +01:00
parent cd2f85dc10
commit 7ed89703fe
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Libraries/LibCrypto/BigInt/SignedBigInteger.cpp
View file

@ -113,11 +113,11 @@ FLATTEN SignedBigInteger SignedBigInteger::minus(const SignedBigInteger& other)
// -x - -y = y - x
if (m_unsigned_data < other.m_unsigned_data) {
// The result will be positive.
return SignedBigInteger { m_unsigned_data.minus(other.m_unsigned_data) };
return SignedBigInteger { other.m_unsigned_data.minus(m_unsigned_data), true };
}
// The result will be either zero, or negative.
// y - x = - (x - y)
return { other.m_unsigned_data.minus(m_unsigned_data), true };
return SignedBigInteger { m_unsigned_data.minus(other.m_unsigned_data) };
}
FLATTEN SignedBigInteger SignedBigInteger::plus(const UnsignedBigInteger& other) const

8
Libraries/LibJS/Tests/builtins/BigInt/bigint-minus.js Normal file
View file

@ -0,0 +1,8 @@
describe("minus behavior", () => {
test("the basics", () => {
expect(3n - 4n).toBe(-1n);
expect(3n - -4n).toBe(7n);
expect(-3n - -4n).toBe(-1n);
expect(-3n - 4n).toBe(-7n);
});
});