From 0853d98420d54eefbe2c6b9baa98ce8cdf145491 Mon Sep 17 00:00:00 2001 From: DexesTTP Date: Thu, 13 May 2021 08:30:29 +0200 Subject: [PATCH] LibCrypto: Fix an out-of-bounds access in UnsignedBigInteger This is working fine for TLS because we have a big enough inline capacity, but in theory we could have crashed at any time even with our 512 words of inline capacity. --- Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp b/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp index 5f7408800a..d762bcbe5d 100644 --- a/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp +++ b/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp @@ -248,7 +248,7 @@ void UnsignedBigInteger::set_bit_inplace(size_t bit_index) const size_t word_index = bit_index / UnsignedBigInteger::BITS_IN_WORD; const size_t inner_word_index = bit_index % UnsignedBigInteger::BITS_IN_WORD; - m_words.ensure_capacity(word_index); + m_words.ensure_capacity(word_index + 1); for (size_t i = length(); i <= word_index; ++i) { m_words.unchecked_append(0);