Add bounds check to source map VLQ decoder shift #8331

Open
sumleo wants to merge 1 commit into WebAssembly:main from sumleo:fix-vlq-shift-overflow

sumleo commented Feb 16, 2026

Summary

  • readBase64VLQ() increments shift by 5 for each continuation digit with no upper bound.
  • After 7 continuation digits, shift reaches 35 and digit << shift on a uint32_t is undefined behavior (shifting by >= type width).
  • Added a bounds check after incrementing shift, throwing MapParseException for malformed VLQ values with too many continuation digits.

Test plan

  • All existing unit tests pass (309/309), including the source map test suite.
  • This is a defensive check for malformed input that would previously trigger UB.

readBase64VLQ() increments the shift value by 5 for each continuation
digit with no upper bound. After 7 continuation digits, shift reaches 35
and 'digit << shift' on a uint32_t is undefined behavior (shifting by
an amount >= the type width). Add a bounds check after incrementing
shift, throwing a MapParseException for malformed VLQ values.
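
A bounded base64 VLQ decoder showing the kind of check this pull request describes, as an added example that is not the project's code or the PR's patch. The names `decodeVLQ` and `tryDecodeVLQ`, the use of `std::runtime_error`, and the out-of-range check are assumptions of this sketch; the inputs in `main` are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Map one base64 character to its 6-bit value, or -1 if it is not base64.
static int base64Value(char c) {
  if (c >= 'A' && c <= 'Z') return c - 'A';
  if (c >= 'a' && c <= 'z') return c - 'a' + 26;
  if (c >= '0' && c <= '9') return c - '0' + 52;
  if (c == '+' || c == '/') return c == '+' ? 62 : 63;
  return -1;
}

// Hypothetical helper: decode one signed base64 VLQ at s[pos], advancing pos.
int32_t decodeVLQ(const std::string& s, size_t& pos) {
  uint32_t value = 0, shift = 0;
  for (;;) {
    if (pos >= s.size()) throw std::runtime_error("truncated VLQ");
    int d = base64Value(s[pos++]);
    if (d < 0) throw std::runtime_error("invalid base64 digit");
    uint32_t bits = uint32_t(d) & 0x1f; // low 5 bits carry data
    // Extra strictness (not described in the PR): reject data bits that
    // would be shifted out of the 32-bit accumulator.
    if (shift > 27 && (bits >> (32 - shift)) != 0)
      throw std::runtime_error("VLQ value out of range");
    value |= bits << shift;     // safe: shift is always < 32 here
    if ((d & 0x20) == 0) break; // bit 5 clear: this was the last digit
    shift += 5;
    // The check the PR describes: stop before the next shift would be
    // >= the width of uint32_t, which is undefined behavior.
    if (shift >= 32) throw std::runtime_error("too many continuation digits");
  }
  int32_t magnitude = int32_t(value >> 1); // bit 0 of the value is the sign
  return (value & 1) ? -magnitude : magnitude;
}
// Returns true and sets out if s begins with a well-formed VLQ.
bool tryDecodeVLQ(const std::string& s, int32_t& out) {
  size_t pos = 0;
  try { out = decodeVLQ(s, pos); return true; }
  catch (const std::runtime_error&) { return false; }
}
int main() {
  int32_t v = 0;
  // Constructed inputs: "gB" is 16; seven 'g' continuation digits are malformed.
  bool ok = tryDecodeVLQ("gB", v) && v == 16 && !tryDecodeVLQ("gggggggA", v);
  return ok ? 0 : 1;
}
```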