Description

The IListWrapper.BinarySearch implementation computed the midpoint as mid = (lo + hi) / 2, which overflows when searching large arrays (e.g., byte[int.MaxValue / 2 + 2]). This PR fixes the overflow issue and significantly improves test coverage for the BinarySearch method.

Fixes #123804

Changes

• Replace overflow-prone midpoint calculation with the same approach used in Array.GetMedian: mid = lo + ((hi - lo) >> 1)
• Move mid declaration inside the loop
• Add test BinarySearch_LargeList_NoIntegerOverflow that validates the fix using a simulated large IList to avoid memory allocation issues in CI
• Add 7 comprehensive tests to improve BinarySearch coverage:
  • BinarySearch_EmptyList: Test searching in empty list
  • BinarySearch_SingleElement: Test single element edge case
  • BinarySearch_BoundaryConditions: Test search at start/end of ranges
  • BinarySearch_PartialRangeSearch: Test searching within subranges
  • BinarySearch_ComparerThrowsException: Test exception propagation from comparer
  • BinarySearch_UnsortedList: Test behavior on unsorted list (should not crash)
  • BinarySearch_TwoElementList: Test two-element edge case
• Add ThrowingComparer helper class for exception testing
• Add FakeLargeIList helper class that simulates an array of int.MaxValue / 2 + 2 elements without actually allocating memory, making it suitable for CI environments

This matches the pattern already used in Array.BinarySearch and prevents overflow by ensuring (hi - lo) remains in bounds before the division.

// Before (overflows)
int mid = (lo + hi) / 2;

// After (overflow-safe)
int mid = lo + ((hi - lo) >> 1);

Additional Investigation

Investigated other types in the repository for similar overflow risks. Found that:

• Array.cs and ArraySortHelper.cs already use the safe pattern
• ExpressionParser.cs (System.Data.Common) has the unsafe pattern but very low risk (small fixed array)
• ConcurrentSet.cs (TraceLogging) has the unsafe pattern with medium theoretical risk

Testing

• ✅ All 20 BinarySearch tests pass (12 original + 8 new)
• ✅ Comprehensive coverage of all 3 method overloads
• ✅ Edge cases covered: empty lists, single/two element lists
• ✅ Boundary conditions and partial range searches tested
• ✅ Exception handling verified
• ✅ Code review completed with no issues
• ✅ Security scan completed

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.