fix: add safe double-to-int64 conversion for bitwise operations

Implements proper safety checks for all bitwise operations (<<, >>, &, ^, |)
when converting double values to int64_t. This prevents undefined behavior
and potential security issues from integer overflow or invalid values.

The implementation:
- Adds safeDoubleToInt64 function to safely convert doubles to int64_t
- Applies this function to all bitwise operations in vm.cpp
- Validates that values are finite (not NaN or Infinity)
- Ensures values are within valid int64_t range
- Provides proper error reporting with source location context

This change aligns with the Jsonnet specification which states that bitwise
operations should first convert operands to signed 64-bit integers before
performing operations. The previous implementation performed unchecked casts
that could lead to undefined behavior with extreme values.

Signed-off-by: Ville Vesilehto <[email protected]>

Author: thevilledev

core/vm.cpp

@@ -2559,36 +2559,38 @@ class Interpreter {
                                 case BOP_SHIFT_L: {
                                     if (rhs.v.d < 0)
                                         throw makeError(ast.location, "shift by negative exponent.");
-                                    int64_t long_l = lhs.v.d;
-                                    int64_t long_r = rhs.v.d;
+
+                                    int64_t long_l = safeDoubleToInt64(lhs.v.d, ast.location);
+                                    int64_t long_r = safeDoubleToInt64(rhs.v.d, ast.location);
                                     long_r = long_r % 64;
                                     scratch = makeNumber(long_l << long_r);
                                 } break;
 
                                 case BOP_SHIFT_R: {
                                     if (rhs.v.d < 0)
                                         throw makeError(ast.location, "shift by negative exponent.");
-                                    int64_t long_l = lhs.v.d;
-                                    int64_t long_r = rhs.v.d;
+
+                                    int64_t long_l = safeDoubleToInt64(lhs.v.d, ast.location);
+                                    int64_t long_r = safeDoubleToInt64(rhs.v.d, ast.location);
                                     long_r = long_r % 64;
                                     scratch = makeNumber(long_l >> long_r);
                                 } break;
 
                                 case BOP_BITWISE_AND: {
-                                    int64_t long_l = lhs.v.d;
-                                    int64_t long_r = rhs.v.d;
+                                    int64_t long_l = safeDoubleToInt64(lhs.v.d, ast.location);
+                                    int64_t long_r = safeDoubleToInt64(rhs.v.d, ast.location);
                                     scratch = makeNumber(long_l & long_r);
                                 } break;
 
                                 case BOP_BITWISE_XOR: {
-                                    int64_t long_l = lhs.v.d;
-                                    int64_t long_r = rhs.v.d;
+                                    int64_t long_l = safeDoubleToInt64(lhs.v.d, ast.location);
+                                    int64_t long_r = safeDoubleToInt64(rhs.v.d, ast.location);
                                     scratch = makeNumber(long_l ^ long_r);
                                 } break;
 
                                 case BOP_BITWISE_OR: {
-                                    int64_t long_l = lhs.v.d;
-                                    int64_t long_r = rhs.v.d;
+                                    int64_t long_l = safeDoubleToInt64(lhs.v.d, ast.location);
+                                    int64_t long_r = safeDoubleToInt64(rhs.v.d, ast.location);
                                     scratch = makeNumber(long_l | long_r);
                                 } break;
 
@@ -3406,4 +3408,14 @@ std::vector<std::string> jsonnet_vm_execute_stream(Allocator *alloc, const AST *
     return vm.manifestStream(string_output);
 }
 
+inline int64_t safeDoubleToInt64(double value, const internal::LocationRange& loc) {
+    if (std::isnan(value) || std::isinf(value)) {
+        throw internal::StaticError(loc, "numeric value is not finite");
+    }
+    if (value < static_cast<double>(INT64_MIN) || value > static_cast<double>(INT64_MAX)) {
+        throw internal::StaticError(loc, "numeric value out of range for integer operation");
+    }
+    return static_cast<int64_t>(value);
+}
+
 }  // namespace jsonnet::internal

core/vm.h

@@ -129,6 +129,20 @@ std::vector<std::string> jsonnet_vm_execute_stream(
     double gc_min_objects, double gc_growth_trigger, const VmNativeCallbackMap &natives,
     JsonnetImportCallback *import_callback, void *import_callback_ctx, bool string_output);
 
+/** Safely converts a double to an int64_t, with range and validity checks.
+ *
+ * This function is used primarily for bitwise operations which require integer operands.
+ * It performs two safety checks:
+ * 1. Verifies the value is finite (not NaN or Infinity)
+ * 2. Ensures the value is within the valid range for int64_t
+ *
+ * \param value The double value to convert
+ * \param loc The location in source code (for error reporting)
+ * \throws StaticError if value is not finite or out of range
+ * \returns The value converted to int64_t
+ */
+int64_t safeDoubleToInt64(double value, const LocationRange& loc);
+
 }  // namespace jsonnet::internal
 
 #endif