internal/export/idna: fix int32 overflows

Prefer multiplication (int64(b)*int64(c) > MaxInt32) over division (b >
MaxInt32/c) for overflow checking as it is a little faster on 386, and a
LOT faster on amd64.

For golang/go#28233.

Change-Id: Ibf42529b93b699417781adc7eca6e66474f00bbf
Reviewed-on: https://go-review.googlesource.com/c/text/+/317731
Run-TryBot: Ian Lance Taylor <[email protected]>
TryBot-Result: Go Bot <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
Trust: Damien Neil <[email protected]>

Author: TimothyGu

internal/export/idna/punycode.go

@@ -47,6 +47,7 @@ func decode(encoded string) (string, error) {
 		}
 	}
 	i, n, bias := int32(0), initialN, initialBias
+	overflow := false
 	for pos < len(encoded) {
 		oldI, w := i, int32(1)
 		for k := base; ; k += base {
@@ -58,29 +59,32 @@ func decode(encoded string) (string, error) {
 				return "", punyError(encoded)
 			}
 			pos++
-			i += digit * w
-			if i < 0 {
+			i, overflow = madd(i, digit, w)
+			if overflow {
 				return "", punyError(encoded)
 			}
 			t := k - bias
-			if t < tmin {
+			if k <= bias {
 				t = tmin
-			} else if t > tmax {
+			} else if k >= bias+tmax {
 				t = tmax
 			}
 			if digit < t {
 				break
 			}
-			w *= base - t
-			if w >= math.MaxInt32/base {
+			w, overflow = madd(0, w, base-t)
+			if overflow {
 				return "", punyError(encoded)
 			}
 		}
+		if len(output) >= 1024 {
+			return "", punyError(encoded)
+		}
 		x := int32(len(output) + 1)
 		bias = adapt(i-oldI, x, oldI == 0)
 		n += i / x
 		i %= x
-		if n > utf8.MaxRune || len(output) >= 1024 {
+		if n < 0 || n > utf8.MaxRune {
 			return "", punyError(encoded)
 		}
 		output = append(output, 0)
@@ -113,15 +117,16 @@ func encode(prefix, s string) (string, error) {
 	if b > 0 {
 		output = append(output, '-')
 	}
+	overflow := false
 	for remaining != 0 {
 		m := int32(0x7fffffff)
 		for _, r := range s {
 			if m > r && r >= n {
 				m = r
 			}
 		}
-		delta += (m - n) * (h + 1)
-		if delta < 0 {
+		delta, overflow = madd(delta, m-n, h+1)
+		if overflow {
 			return "", punyError(s)
 		}
 		n = m
@@ -139,9 +144,9 @@ func encode(prefix, s string) (string, error) {
 			q := delta
 			for k := base; ; k += base {
 				t := k - bias
-				if t < tmin {
+				if k <= bias {
 					t = tmin
-				} else if t > tmax {
+				} else if k >= bias+tmax {
 					t = tmax
 				}
 				if q < t {
@@ -162,6 +167,15 @@ func encode(prefix, s string) (string, error) {
 	return string(output), nil
 }
 
+// madd computes a + (b * c), detecting overflow.
+func madd(a, b, c int32) (next int32, overflow bool) {
+	p := int64(b) * int64(c)
+	if p > math.MaxInt32-int64(a) {
+		return 0, true
+	}
+	return a + int32(p), false
+}
+
 func decodeDigit(x byte) (digit int32, ok bool) {
 	switch {
 	case '0' <= x && x <= '9':

internal/export/idna/punycode_test.go

@@ -177,6 +177,7 @@ var punycodeErrorTestCases = [...]string{
 	"decode 9999999999a",  // "9999999999a" overflows the int32 calculation.
 
 	"encode " + strings.Repeat("x", 65536) + "\uff00", // int32 overflow.
+	"encode " + strings.Repeat("x", 65666) + "\uffff", // int32 overflow. issue #28233
 }
 
 func TestPunycodeErrors(t *testing.T) {