bignum.c (estimate_initial_sqrt): prevent integer overflow

`Integer.sqrt(0xffff_ffff_ffff_ffff ** 2)` caused assertion failure because of integer overflow. [ruby-core:95453] [Bug #16269]
author: Yusuke Endoh <[email protected]> 2019-10-21 21:22:53 +0900
committer: Yusuke Endoh <[email protected]> 2019-10-21 21:24:21 +0900
commit: f364564e66d1db1de8e80d669287386595c8bc46 (patch)
tree: b02c5be041ae8a1761c021fe9a655ec89d792bed /bignum.c
parent: c8f97d16202a953a66a326b450a82d926f0fea9c (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/bignum.c b/bignum.c
index f379b10489..05392325b3 100644
--- a/bignum.c
+++ b/bignum.c
@@ -6888,7 +6888,15 @@ estimate_initial_sqrt(VALUE *xp, const size_t xn, const BDIGIT *nds, size_t len)
     rshift /= 2;
     rshift += (2-(len&1))*BITSPERDIG/2;
     if (rshift >= 0) {
-	d <<= rshift;
+        if (nlz((BDIGIT)d) + rshift >= BITSPERDIG) {
+            /* (d << rshift) does cause overflow.
+             * example: Integer.sqrt(0xffff_ffff_ffff_ffff ** 2)
+             */
+            d = ~(BDIGIT_DBL)0;
+        }
+        else {
+            d <<= rshift;
+        }
     }
     BDIGITS_ZERO(xds, xn-2);
     bdigitdbl2bary(&xds[xn-2], 2, d);
author	Yusuke Endoh <[email protected]>	2019-10-21 21:22:53 +0900
committer	Yusuke Endoh <[email protected]>	2019-10-21 21:24:21 +0900
commit	f364564e66d1db1de8e80d669287386595c8bc46 (patch)
tree	b02c5be041ae8a1761c021fe9a655ec89d792bed /bignum.c
parent	c8f97d16202a953a66a326b450a82d926f0fea9c (diff)