Ladybird/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-09 17:44:56 +09:00
Code Activity

AK: Always check shift amount in LEB128 read functions

Browse source 
Even shifting 0 by more than the value size is UB.
This commit is contained in:
kleines Filmröllchen 2022-07-08 23:27:24 +02:00 committed by Ali Mohammad Pur
parent cefc931347
commit 41b2d37e8a
Notes: sideshowbarker 2024-07-17 09:33:51 +09:00
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
AK/LEB128.h
View file

@ -36,7 +36,7 @@ struct LEB128 {
return false;
ValueType masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 > sizeof(ValueType) * 8) && (masked_byte != 0);
bool const shift_too_large_for_result = num_bytes * 7 > sizeof(ValueType) * 8;
if (shift_too_large_for_result)
return false;
@ -83,7 +83,7 @@ struct LEB128 {
// note: 64 bit assumptions!
u64 masked_byte = byte & ~(1 << 7);
bool const shift_too_large_for_result = (num_bytes * 7 >= 64) && (masked_byte != ((temp < 0) ? 0x7Fu : 0u));
bool const shift_too_large_for_result = num_bytes * 7 >= 64;
if (shift_too_large_for_result)
return false;