nodejs
diff --git a/Collapse file
‎src/crypto/crypto_cipher.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_cipher.cc
+5-1Lines changed: 5 additions & 1 deletion b/Collapse file
‎src/crypto/crypto_cipher.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_cipher.cc
+5-1Lines changed: 5 additions & 1 deletion
diff --git a/Collapse file
‎test/parallel/test-crypto-cipheriv-decipheriv.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-cipheriv-decipheriv.js
+8Lines changed: 8 additions & 0 deletions b/Collapse file
‎test/parallel/test-crypto-cipheriv-decipheriv.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-cipheriv-decipheriv.js
+8Lines changed: 8 additions & 0 deletions
@@ -803,7 +803,11 @@ CipherBase::UpdateResult CipherBase::Update(
   if (kind_ == kDecipher && IsAuthenticatedMode())
     CHECK(MaybePassAuthTagToOpenSSL());
 
-  int buf_len = len + EVP_CIPHER_CTX_block_size(ctx_.get());
+  const int block_size = EVP_CIPHER_CTX_block_size(ctx_.get());
+  CHECK_GT(block_size, 0);
+  if (len + block_size > INT_MAX) return kErrorState;
+  int buf_len = len + block_size;
+
   // For key wrapping algorithms, get output size by calling
   // EVP_CipherUpdate() with null output.
   if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE &&
 
@@ -215,3 +215,11 @@ for (let n = minIvLength; n < maxIvLength; n += 1) {
     () => crypto.createCipheriv('aes-128-ecb', Buffer.alloc(17), null),
     /Invalid key length/);
 }
+
+{
+  // https://github.com/nodejs/node/issues/45757
+  // eslint-disable-next-line no-restricted-syntax
+  assert.throws(() =>
+    crypto.createCipheriv('aes-128-gcm', Buffer.alloc(16), Buffer.alloc(12))
+    .update(Buffer.allocUnsafeSlow(2 ** 31 - 1)));
+}