fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2025-12-28 20:29:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibJS+AK: Fix integer overflow UB on (any Int32 - -2147483648)

Browse Source 
It wasn't safe to use addition_would_overflow(a, -b) to check if
subtraction (a - b) would overflow, since it doesn't cover this case.

I don't know why we didn't have subtraction_would_overflow(), so this
patch adds it. :^)
This commit is contained in:
Andreas Kling
2024-05-18 10:58:11 +02:00
parent 1de475b404
commit b2e6843055
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Userland/Libraries/LibJS/Bytecode/Interpreter.cpp
View File

@@ -948,7 +948,7 @@ ThrowCompletionOr<void> Sub::execute_impl(Bytecode::Interpreter& interpreter) co
if (lhs.is_number() && rhs.is_number()) {
if (lhs.is_int32() && rhs.is_int32()) {
if (!Checked<i32>::addition_would_overflow(lhs.as_i32(), -rhs.as_i32())) {
if (!Checked<i32>::subtraction_would_overflow(lhs.as_i32(), rhs.as_i32())) {
interpreter.set(m_dst, Value(lhs.as_i32() - rhs.as_i32()));
return {};
}