From 04d0692c64206442846b350e64b713ce8724655d Mon Sep 17 00:00:00 2001
From: Martin Dindoffer <contact@dindoffer.eu>
Date: Fri, 6 May 2022 15:19:54 +0200
Subject: [PATCH] Fix integer overflow when calculating zeroing range in
 zeroObject

Lists can have up to 29 bits of elements. We multiply that by a constant of 8 (Bytes per word), so basically any element size can cause on overflow.
---
 runtime/src/main/java/org/capnproto/WireHelpers.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/runtime/src/main/java/org/capnproto/WireHelpers.java b/runtime/src/main/java/org/capnproto/WireHelpers.java
index 9327386..2c4f984 100644
--- a/runtime/src/main/java/org/capnproto/WireHelpers.java
+++ b/runtime/src/main/java/org/capnproto/WireHelpers.java
@@ -256,10 +256,10 @@ final class WireHelpers {
             case ElementSize.TWO_BYTES:
             case ElementSize.FOUR_BYTES:
             case ElementSize.EIGHT_BYTES: {
-                memset(segment.buffer, ptr * Constants.BYTES_PER_WORD, (byte)0,
-                       roundBitsUpToWords(
-                           ListPointer.elementCount(tag) *
-                           ElementSize.dataBitsPerElement(ListPointer.elementSize(tag))) * Constants.BYTES_PER_WORD);
+                memset(segment.buffer, ptr * Constants.BYTES_PER_WORD, (byte) 0,
+                        roundBitsUpToWords(
+                                (long) ListPointer.elementCount(tag) *
+                                        ElementSize.dataBitsPerElement(ListPointer.elementSize(tag))) * Constants.BYTES_PER_WORD);
                 break;
             }
             case ElementSize.POINTER: {