github_mirrors/quickjs
3
0
Fork 1
mirror of https://github.com/bellard/quickjs.git synced 2025-09-27 13:48:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixed buffer overflow in js_bigint_to_string1()

Browse Source
This commit is contained in:
Fabrice Bellard 2025-08-25 15:06:19 +02:00
parent 1168c215d1
commit 9ce544289f
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
quickjs.c
View File

@ -11997,11 +11997,10 @@ static JSValue js_bigint_to_string1(JSContext *ctx, JSValueConst val, int radix)
bit_pos = i * log2_radix; bit_pos = i * log2_radix;
pos = bit_pos / JS_LIMB_BITS; pos = bit_pos / JS_LIMB_BITS;
shift = bit_pos % JS_LIMB_BITS; shift = bit_pos % JS_LIMB_BITS;
if (likely((shift + log2_radix) <= JS_LIMB_BITS)) {
c = r->tab[pos] >> shift; c = r->tab[pos] >> shift;
} else { if ((shift + log2_radix) > JS_LIMB_BITS &&
c = (r->tab[pos] >> shift) | (pos + 1) < r->len) {
(r->tab[pos + 1] << (JS_LIMB_BITS - shift)); c |= r->tab[pos + 1] << (JS_LIMB_BITS - shift);
} }
c &= (radix - 1); c &= (radix - 1);
*--q = digits[c]; *--q = digits[c];