merge revision(s) f364564e66d1db1de8e80d669287386595c8bc46: [Backport #16269]

bignum.c (estimate_initial_sqrt): prevent integer overflow `Integer.sqrt(0xffff_ffff_ffff_ffff ** 2)` caused assertion failure because of integer overflow. [ruby-core:95453] [Bug #16269] --- bignum.c | 10 +++++++++- test/ruby/test_integer.rb | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67894 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2021-02-28 13:47:29 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2021-02-28 13:47:29 +0000
commit: b64876ae559b05949c6857fb3d76822c2f7c4df2 (patch)
tree: c98c09d45db6f43eeee3254f8b80b0b7c613e412
parent: 8b49c3e4bc767bec8a66ac81cbda033330fb2703 (diff)
3 files changed, 16 insertions, 5 deletions
diff --git a/bignum.c b/bignum.c
index ee3b49fd04..302774b6e2 100644
--- a/bignum.c
+++ b/bignum.c
@@ -6875,7 +6875,15 @@ estimate_initial_sqrt(VALUE *xp, const size_t xn, const BDIGIT *nds, size_t len)
     rshift /= 2;
     rshift += (2-(len&1))*BITSPERDIG/2;
     if (rshift >= 0) {
-	d <<= rshift;
+        if (nlz((BDIGIT)d) + rshift >= BITSPERDIG) {
+            /* (d << rshift) does cause overflow.
+             * example: Integer.sqrt(0xffff_ffff_ffff_ffff ** 2)
+             */
+            d = ~(BDIGIT_DBL)0;
+        }
+        else {
+            d <<= rshift;
+        }
     }
     BDIGITS_ZERO(xds, xn-2);
     bdigitdbl2bary(&xds[xn-2], 2, d);
diff --git a/test/ruby/test_integer.rb b/test/ruby/test_integer.rb
index 69347b6b11..0f289d8ed9 100644
--- a/test/ruby/test_integer.rb
+++ b/test/ruby/test_integer.rb
@@ -595,6 +595,9 @@ class TestInteger < Test::Unit::TestCase
       failures << n  unless root*root <= n && (root+1)*(root+1) > n
     end
     assert_empty(failures, bug13440)
+
+    x = 0xffff_ffff_ffff_ffff
+    assert_equal(x, Integer.sqrt(x ** 2), "[ruby-core:95453]")
   end
 
   def test_fdiv
diff --git a/version.h b/version.h
index 373ee70a65..408caf48a4 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.6.7"
-#define RUBY_RELEASE_DATE "2021-01-31"
-#define RUBY_PATCHLEVEL 153
+#define RUBY_RELEASE_DATE "2021-02-28"
+#define RUBY_PATCHLEVEL 154
 
 #define RUBY_RELEASE_YEAR 2021
-#define RUBY_RELEASE_MONTH 1
-#define RUBY_RELEASE_DAY 31
+#define RUBY_RELEASE_MONTH 2
+#define RUBY_RELEASE_DAY 28
 
 #include "ruby/version.h"
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2021-02-28 13:47:29 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2021-02-28 13:47:29 +0000
commit	b64876ae559b05949c6857fb3d76822c2f7c4df2 (patch)
tree	c98c09d45db6f43eeee3254f8b80b0b7c613e412
parent	8b49c3e4bc767bec8a66ac81cbda033330fb2703 (diff)