LibCrypto: Fix an out-of-bounds access in UnsignedBigInteger

This is working fine for TLS because we have a big enough inline capacity, but in theory we could have crashed at any time even with our 512 words of inline capacity.
Author: https://github.com/Dexesttp Commit: https://github.com/SerenityOS/serenity/commit/0853d98420d Pull-request: https://github.com/SerenityOS/serenity/pull/7067 Reviewed-by: https://github.com/alimpfard
2025-04-21 03:55:24 +00:00 · 2021-05-13 08:30:29 +02:00 · 2021-05-13 08:30:29 +02:00 · 0853d98420 · 2024-07-18 18:13:56 +09:00
commit 0853d98420
parent 28a6a9a08f
1 changed files with 1 additions and 1 deletions
--- a/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp
+++ b/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp
@ -248,7 +248,7 @@ void UnsignedBigInteger::set_bit_inplace(size_t bit_index)
    const size_t word_index = bit_index / UnsignedBigInteger::BITS_IN_WORD;
    const size_t inner_word_index = bit_index % UnsignedBigInteger::BITS_IN_WORD;

-    m_words.ensure_capacity(word_index);
+    m_words.ensure_capacity(word_index + 1);

    for (size_t i = length(); i <= word_index; ++i) {
        m_words.unchecked_append(0);