AK: Make sure no overflow occurs in number_string_with_one_decimal

A possible integer overflow might have occured inside the function in case (number % unit) * 10 did not fit into a u64. So it is verified that this does not happen at the beginning of the function.
Author: https://github.com/kuzux Commit: ccb6b4f943 Pull-request: https://github.com/SerenityOS/serenity/pull/16410 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/LucasChollet Reviewed-by: https://github.com/ldm5180
2025-05-10 21:22:53 +00:00 · 2022-12-15 16:21:25 +03:00 · 2022-12-15 16:21:25 +03:00 · ccb6b4f943 · 2024-07-17 08:27:05 +09:00
commit ccb6b4f943
parent 76fce0b899
1 changed files with 8 additions and 2 deletions
--- a/AK/NumberFormat.cpp
+++ b/AK/NumberFormat.cpp
@ -4,8 +4,10 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

+#include <AK/Assertions.h>
 #include <AK/DeprecatedString.h>
 #include <AK/NumberFormat.h>
+#include <AK/NumericLimits.h>
 #include <AK/StringView.h>

 namespace AK {
@ -13,8 +15,12 @@ namespace AK {
 // FIXME: Remove this hackery once printf() supports floats.
 static DeprecatedString number_string_with_one_decimal(u64 number, u64 unit, StringView suffix)
 {
-    int decimal = (number % unit) * 10 / unit;
-    return DeprecatedString::formatted("{}.{} {}", number / unit, decimal, suffix);
+    constexpr auto max_unit_size = NumericLimits<u64>::max() / 10;
+    VERIFY(unit < max_unit_size);
+
+    auto integer_part = number / unit;
+    auto decimal_part = (number % unit) * 10 / unit;
+    return DeprecatedString::formatted("{}.{} {}", integer_part, decimal_part, suffix);
 }

 DeprecatedString human_readable_quantity(u64 quantity, StringView unit)