search

akubera / bigdecimal-rs

Arbitrary precision decimal crate for Rust
Other
275 stars 71 forks source link

overflow on `PartialEq` for `BigDecimal` #93

Closed austinabell closed 2 months ago

austinabell commented 1 year ago

The following lines: https://github.com/akubera/bigdecimal-rs/blob/272123eddc02aad5d1a331ded8eb6605ed2bea96/src/lib.rs#L799

https://github.com/akubera/bigdecimal-rs/blob/272123eddc02aad5d1a331ded8eb6605ed2bea96/src/lib.rs#L802

overflow whenever either lhs or rhs are opposite signs and the abs sum is >u64::MAX

repro:

    let a = BigDecimal::new(bigdecimal::num_bigint::BigInt::from(1), i64::MIN);
    let b = BigDecimal::new(bigdecimal::num_bigint::BigInt::from(1), 1);
    let _ = a == b;

Found during fuzzing https://github.com/near/borsh-rs/pull/91#issuecomment-1081896887

akubera commented 2 months ago

Fixed in new comparison implementation in v0.4.4. I just added a test for continued checking.

Thanks.