Fix silent truncations when extracting values from CheckedNumeric

base/numerics/safe_math.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_NUMERICS_SAFE_MATH_H_
 #define BASE_NUMERICS_SAFE_MATH_H_
 
 #include <stddef.h>
 
 #include <limits>
@@ skipping 113 matching lines @@
 
   // ValueOrDie() - The primary accessor for the underlying value. If the
   // current state is not valid it will CHECK and crash.
   // A range checked destination type can be supplied using the Dst template
   // parameter, which will trigger a CHECK if the value is not in bounds for
   // the destination.
   // The CHECK behavior can be overridden by supplying a handler as a
   // template parameter, for test code, etc. However, the handler cannot access
   // the underlying value, and it is not available through other means.
   template <typename Dst = T, class CheckHandler = CheckOnFailure>
-  constexpr Dst ValueOrDie() const {
-    return IsValid<Dst>() ? state_.value()
+  constexpr StrictNumeric<Dst> ValueOrDie() const {
+    return IsValid<Dst>() ? static_cast<Dst>(state_.value())
                           : CheckHandler::template HandleFailure<Dst>();
   }
 
   // ValueOrDefault(T default_value) - A convenience method that returns the
   // current value if the state is valid, and the supplied default_value for
   // any other state.
   // A range checked destination type can be supplied using the Dst template
   // parameter. WARNING: This function may fail to compile or CHECK at runtime
   // if the supplied default_value is not within range of the destination type.
   template <typename Dst = T, typename Src>
-  constexpr Dst ValueOrDefault(const Src default_value) const {
-    return IsValid<Dst>() ? state_.value() : checked_cast<Dst>(default_value);
+  constexpr StrictNumeric<Dst> ValueOrDefault(const Src default_value) const {
+    return IsValid<Dst>() ? static_cast<Dst>(state_.value())
+                          : checked_cast<Dst>(default_value);
   }
 
   // ValueFloating() - Since floating point values include their validity state,
   // we provide an easy method for extracting them directly, without a risk of
   // crashing on a CHECK.
   // A range checked destination type can be supplied using the Dst template
   // parameter.
   template <typename Dst = T>
-  constexpr Dst ValueFloating() const {
+  constexpr StrictNumeric<Dst> ValueFloating() const {
     static_assert(std::numeric_limits<T>::is_iec559,
                   "Type must be floating point.");
     static_assert(std::numeric_limits<Dst>::is_iec559,
                   "Type must be floating point.");
     return static_cast<Dst>(state_.value());
   }
 
   // Returns a checked numeric of the specified type, cast from the current
   // CheckedNumeric. If the current state is invalid or the destination cannot
   // represent the result then the returned CheckedNumeric will be invalid.
@@ skipping 238 matching lines @@
 using internal::CheckMod;
 using internal::CheckLsh;
 using internal::CheckRsh;
 using internal::CheckAnd;
 using internal::CheckOr;
 using internal::CheckXor;
 
 }  // namespace base
 
 #endif  // BASE_NUMERICS_SAFE_MATH_H_