beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 07:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

AK: Always check shift amount in LEB128 read functions

Browse source 
Even shifting 0 by more than the value size is UB.
This commit is contained in:
kleines Filmröllchen 2022-07-08 23:27:24 +02:00 committed by Ali Mohammad Pur
parent cefc931347
commit 41b2d37e8a
Notes: sideshowbarker 2024-07-17 09:33:51 +09:00 
Author: https://github.com/kleinesfilmroellchen
Commit: https://github.com/SerenityOS/serenity/commit/41b2d37e8a
Pull-request: https://github.com/SerenityOS/serenity/pull/14518
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
AK/LEB128.h
View file

@ -36,7 +36,7 @@ struct LEB128 {
return false; return false;
ValueType masked_byte = byte & ~(1 << 7); ValueType masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 > sizeof(ValueType) * 8) && (masked_byte != 0); bool const shift_too_large_for_result = num_bytes * 7 > sizeof(ValueType) * 8;
if (shift_too_large_for_result) if (shift_too_large_for_result)
return false; return false;
@ -83,7 +83,7 @@ struct LEB128 {
// note: 64 bit assumptions! // note: 64 bit assumptions!
u64 masked_byte = byte & ~(1 << 7); u64 masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 >= 64) && (masked_byte != ((temp < 0) ? 0x7Fu : 0u)); bool const shift_too_large_for_result = num_bytes * 7 >= 64;
if (shift_too_large_for_result) if (shift_too_large_for_result)
return false; return false;