fix(writeUintSafe,writIntSafe): canonical encoding of too lartge nums

Author: Conaclos

CHANGELOG.md

@@ -6,6 +6,15 @@ This project adheres to [Semantic Versioning][semver].
 The format of this changelog is [a variant][lib9-versionning] of [Keep a Changelog][keep-changelog].
 New entries must be placed in a section entitled `Unreleased`.
 
+## Unreleased
+
+-   Fix  `writeUintSafe` and `writeIntSafe` by encoding too large numbers in a canonical way.
+
+    Although the library provides assertions that reject valid inputs, it allows users to disable them.
+    Even when assertions are disabled, the library must still provide valid encoded values.
+    Previously, `writeUintSafe` and `writeIntSafe` might output a non-canonical encoding for numbers that were too large.
+    It now robustly handles invalid input numbers that are too large.
+
 ## 0.6.1 (2026-01-05)
 
 -   Fix `writeUintSafe32` that wrongly encoded numbers larger than 16383 (`2e14 - 1`)

src/codec/int.test.ts

@@ -277,8 +277,18 @@ test("writeIntSafe", () => {
             assert.throws(action, { name: "AssertionError" }, "too big")
         } else {
             action()
-            // FIXME: should be `0` to ensure canonical encoding
-            assert.deepEqual(toBytes(bc), [0x80, 0])
+            assert.deepEqual(toBytes(bc), [0])
+        }
+    }
+
+    {
+        const bc = fromBytes()
+        const action = () => writeIntSafe(bc, Number.MAX_SAFE_INTEGER + 3)
+        if (DEV) {
+            assert.throws(action, { name: "AssertionError" }, "too big")
+        } else {
+            action()
+            assert.deepEqual(toBytes(bc), [4])
         }
     }
 

src/codec/int.ts

@@ -60,22 +60,22 @@ export function writeIntSafe(bc: ByteCursor, x: number): void {
     let zigZag = x < 0 ? -(x + 1) : x
     let first7Bits = ((zigZag & 0x3f) << 1) | sign
     zigZag = Math.floor(zigZag / /* 2**6 */ 0x40)
-    if (zigZag > 0) {
-        if (!Number.isSafeInteger(x)) {
-            if (DEV) {
-                assert(false, TOO_LARGE_NUMBER)
-            }
-            // keep only the remaining 53 - 6 = 47 bits
+    if (!Number.isSafeInteger(x)) {
+        if (DEV) {
+            assert(false, TOO_LARGE_NUMBER)
+        }
+        // keep only the remaining 53 - 6 = 47 bits
+        // this is useful when assertions are skipped
+        const low = zigZag & 0x7fff
+        const high = ((zigZag / 0x8000) >>> 0) * 0x8000
+        if (first7Bits === 0x7f && low === 0x7fff && high === 0xffff_ffff) {
+            // maps -2**53 to Number.MIN_SAFE_INTEGER
             // this is useful when assertions are skipped
-            const low = zigZag & 0x7fff
-            const high = ((zigZag / 0x8000) >>> 0) * 0x8000
-            if (first7Bits === 0x7f && low === 0x7fff && high === 0xffff_ffff) {
-                // maps -2**53 to Number.MIN_SAFE_INTEGER
-                // this is useful when assertions are skipped
-                first7Bits &= ~0b10
-            }
-            zigZag = high + low
+            first7Bits &= ~0b10
         }
+        zigZag = high + low
+    }
+    if (zigZag > 0) {
         writeU8(bc, 0x80 | first7Bits)
         writeUintSafe(bc, zigZag)
     } else {

src/codec/uint.test.ts

@@ -329,11 +329,22 @@ test("writeUintSafe", () => {
             )
         } else {
             action()
-            assert.deepEqual(
-                toBytes(bc),
-                // FIXME: should be `0` to ensure canonical encoding
-                [0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0],
+            assert.deepEqual(toBytes(bc), [0])
+        }
+    }
+
+    {
+        const bc = fromBytes()
+        const action = () => writeUintSafe(bc, Number.MAX_SAFE_INTEGER + 3)
+        if (DEV) {
+            assert.throws(
+                action,
+                { name: "AssertionError", message: "too large number" },
+                "too large number",
             )
+        } else {
+            action()
+            assert.deepEqual(toBytes(bc), [2])
         }
     }
 })

src/codec/uint.ts

@@ -139,11 +139,18 @@ export function readUintSafe(bc: ByteCursor): number {
 }
 
 export function writeUintSafe(bc: ByteCursor, x: number): void {
-    if (DEV) {
-        assert(isU64Safe(x), TOO_LARGE_NUMBER)
+    let zigZag = x
+    if (!isU64Safe(x)) {
+        if (DEV) {
+            assert(false, TOO_LARGE_NUMBER)
+        }
+        // Truncate `zigZag` to 53 bits
+        // this is useful when assertions are skipped
+        const low = zigZag & 0x1fffff
+        const high = ((zigZag / 0x200000) >>> 0) * 0x200000
+        zigZag = high + low
     }
     let byteCount = 1
-    let zigZag = x
     while (zigZag >= 0x80 && byteCount < INT_SAFE_MAX_BYTE_COUNT) {
         writeU8(bc, 0x80 | (zigZag & 0x7f))
         zigZag = Math.floor(zigZag / /* 2**7 */ 0x80)