botan
Prevent unsigned integer overflow in multiplication
The current implementation involves multiplying values that could potentially result in an overflow when converted to `size_t`, specifically when dealing with `unsigned int`. To address this issue as identified by CodeQL, we propose a solution.

By incorporating `uint64_t{1}` into the calculation, we intentionally promote the multiplication type to `uint64_t` before the result is computed. This strategic promotion helps mitigate the risk of overflow.

It's important to note that we've opted for this approach instead of using `static_cast<uint64_t>()` due to concerns about code readability and consistency. Using `static_cast<uint64_t>()` on both the left and right operands would lead to a lengthier expression, potentially impacting clarity. By introducing `uint64_t{1}`, we achieve our goal of preventing overflow while maintaining a more elegant code structure. This approach ensures that the promotion is uniform and balanced across both sides of the expression.
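The two patterns side by side, as an added illustration that is not code from the Botan PR itself: `bytes_truncated` shows the original shape of the expression (a 32-bit `unsigned int` product that wraps before it is widened to `size_t`), `bytes_promoted` shows the `uint64_t{1}` promotion the PR describes, and `fits_in_size_t` is a hypothetical follow-up check a caller can make once the product is known to be computed in 64 bits. The function names and the byte-count scenario are assumptions for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Original pattern (hypothetical names): both operands are unsigned int, so
// the multiplication is performed in unsigned int (32 bits on common
// platforms) and wraps modulo 2^32 *before* the result is widened to size_t.
size_t bytes_truncated(unsigned int count, unsigned int elem_size) {
    return count * elem_size;
}

// Fixed pattern from the PR description: multiplying by uint64_t{1} first
// forces the usual arithmetic conversions to promote every operand to
// uint64_t, so the whole product is computed in 64 bits. Both operands are
// promoted symmetrically without a static_cast on each side.
uint64_t bytes_promoted(unsigned int count, unsigned int elem_size) {
    return uint64_t{1} * count * elem_size;
}

// Hypothetical follow-up check: with a 64-bit product in hand, a caller can
// reject a size that would not fit size_t on the current platform instead of
// silently allocating or indexing with a wrapped value.
bool fits_in_size_t(uint64_t product) {
    return product <= std::numeric_limits<size_t>::max();
}

// Constructed sample inputs: 65536 * 65536 == 2^32, which is exactly the
// value a 32-bit unsigned multiplication wraps back to zero.
constexpr unsigned int kCount = 65536u;
constexpr unsigned int kElemSize = 65536u;
```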