AK: Read signed LEB128 integers without 64-bit assumptions
This fixes some errors where too many bytes were allowed to be read for signed integers of a smaller size (e.g. i32). The new parser doesn't make 64-bit assumptions and now matches the generality of its unsigned counterpart.
parent
20d8ea4db1
commit
596dd5252d
Notes:
sideshowbarker
2024-07-17 04:03:27 +09:00
Author: https://github.com/dzfrias Commit: https://github.com/LadybirdBrowser/ladybird/commit/596dd5252d Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/185 Reviewed-by: https://github.com/alimpfard
49
AK/LEB128.h
49
AK/LEB128.h
@ -56,47 +56,34 @@ public:
|
|||||||
static ErrorOr<LEB128<ValueType>> read_from_stream(Stream& stream)
|
static ErrorOr<LEB128<ValueType>> read_from_stream(Stream& stream)
|
||||||
requires(Signed<ValueType>)
|
requires(Signed<ValueType>)
|
||||||
{
|
{
|
||||||
// Note: We read into a u64 to simplify the parsing logic;
|
constexpr auto BITS = sizeof(ValueType) * 8;
|
||||||
// result is range checked into ValueType after parsing.
|
|
||||||
static_assert(sizeof(ValueType) <= sizeof(u64), "Error checking logic assumes 64 bits or less!");
|
|
||||||
|
|
||||||
i64 temp = 0;
|
ValueType result = 0;
|
||||||
size_t num_bytes = 0;
|
u32 shift = 0;
|
||||||
u8 byte = 0;
|
u8 byte = 0;
|
||||||
ValueType result {};
|
|
||||||
|
|
||||||
do {
|
do {
|
||||||
if (stream.is_eof())
|
if (stream.is_eof())
|
||||||
return Error::from_string_literal("Stream reached end-of-file while reading LEB128 value");
|
return Error::from_string_literal("Stream reached end-of-file while reading LEB128 value");
|
||||||
|
|
||||||
byte = TRY(stream.read_value<u8>());
|
byte = TRY(stream.read_value<u8>());
|
||||||
|
result |= (ValueType)(byte & 0x7F) << shift;
|
||||||
|
|
||||||
// note: 64 bit assumptions!
|
if (shift >= BITS - 7) {
|
||||||
u64 masked_byte = byte & ~(1 << 7);
|
bool has_continuation = (byte & 0x80);
|
||||||
bool const shift_too_large_for_result = num_bytes * 7 >= 64;
|
ValueType sign_and_unused = (i8)(byte << 1) >> (BITS - shift);
|
||||||
if (shift_too_large_for_result)
|
if (has_continuation)
|
||||||
return Error::from_string_literal("Read value contains more bits than fit the chosen ValueType");
|
return Error::from_string_literal("Read value contains more bits than fit the chosen ValueType");
|
||||||
|
if (sign_and_unused != 0 && sign_and_unused != -1)
|
||||||
|
return Error::from_string_literal("Read byte is too large to fit the chosen ValueType");
|
||||||
|
return LEB128<ValueType> { result };
|
||||||
|
}
|
||||||
|
|
||||||
bool const shift_too_large_for_byte = (num_bytes * 7) == 63 && masked_byte != 0x00 && masked_byte != 0x7Fu;
|
shift += 7;
|
||||||
if (shift_too_large_for_byte)
|
} while (byte & 0x80);
|
||||||
return Error::from_string_literal("Read byte is too large to fit the chosen ValueType");
|
|
||||||
|
|
||||||
temp = (temp) | (masked_byte << (num_bytes * 7));
|
// Sign extend
|
||||||
++num_bytes;
|
if (shift < BITS && (byte & 0x40))
|
||||||
} while (byte & (1 << 7));
|
result |= ((ValueType)~0 << shift);
|
||||||
|
|
||||||
if ((num_bytes * 7) < 64 && (byte & 0x40)) {
|
|
||||||
// sign extend
|
|
||||||
temp |= ((u64)(-1) << (num_bytes * 7));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Now that we've accumulated into an i64, make sure it fits into result
|
|
||||||
if constexpr (sizeof(ValueType) < sizeof(u64)) {
|
|
||||||
if (temp > NumericLimits<ValueType>::max() || temp < NumericLimits<ValueType>::min())
|
|
||||||
return Error::from_string_literal("Temporary value does not fit the result type");
|
|
||||||
}
|
|
||||||
|
|
||||||
result = static_cast<ValueType>(temp);
|
|
||||||
|
|
||||||
return LEB128<ValueType> { result };
|
return LEB128<ValueType> { result };
|
||||||
}
|
}
|
||||||
|
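Review bot: The final-group check `ValueType sign_and_unused = (i8)(byte << 1) >> (BITS - shift);` carries the whole overlong-encoding rejection but has no comment, and it silently depends on integer promotion, on the narrowing cast to `i8` discarding the continuation bit, and on an arithmetic right shift. I would add above it `// Last group: drop the continuation bit, keep the sign bit and every bit above it; these must be all 0 or all 1.` so a later edit does not weaken the check by accident. The trailing `shift < BITS` guard in the sign-extension step looks always true once the loop exits normally, because the in-loop branch returns for every `shift >= BITS - 7`; a short comment saying it only guards the shift width would help. No test file appears on this page, so if none accompanies the change, boundary cases for each width are worth pinning: for `i32`, a six-byte encoding and a five-byte encoding whose last byte mixes sign and unused bits should both be rejected, since this decoder may be fed untrusted stream data.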