LibJS: Prevent huge memory allocations for bigint left shift

Author: devgianlu

Libraries/LibJS/Runtime/ErrorTypes.h

@@ -21,6 +21,7 @@
     M(BigIntBadOperatorOtherType, "Cannot use {} operator with BigInt and other type")                                              \
     M(BigIntFromNonIntegral, "Cannot convert non-integral number to BigInt")                                                        \
     M(BigIntInvalidValue, "Invalid value for BigInt: {}")                                                                           \
+    M(BigIntSizeExceeded, "Maximum BigInt size exceeded")                                                                           \
     M(BindingNotInitialized, "Binding {} is not initialized")                                                                       \
     M(BufferOutOfBounds, "{} contains a property which references a value at an index not contained within its buffer's bounds")    \
     M(ByteLengthExceedsMaxByteLength, "ArrayBuffer byte length of {} exceeds the max byte length of {}")                            \

Libraries/LibJS/Runtime/Value.cpp

@@ -1593,6 +1593,11 @@ ThrowCompletionOr<Value> left_shift(VM& vm, Value lhs, Value rhs)
         return Value(lhs_i32 << shift_count);
     }
     if (both_bigint(lhs_numeric, rhs_numeric)) {
+        // AD-HOC: Prevent allocating huge amounts of memory.
+        auto rhs_bigint = rhs_numeric.as_bigint().big_integer().unsigned_value();
+        if (rhs_bigint.byte_length() > sizeof(u32))
+            return vm.throw_completion<RangeError>(ErrorType::BigIntSizeExceeded);
+
         // 6.1.6.2.9 BigInt::leftShift ( x, y ), https://tc39.es/ecma262/#sec-numeric-types-bigint-leftShift
         auto multiplier_divisor = Crypto::SignedBigInteger { Crypto::NumberTheory::Power(Crypto::UnsignedBigInteger(2), rhs_numeric.as_bigint().big_integer().unsigned_value()) };