From 13ff09012aabaced8a0a0fab40f3c3db32673922 Mon Sep 17 00:00:00 2001
From: John Lightsey <john@04755.net>
Date: Thu, 20 Aug 2020 15:53:57 -0500
Subject: Add missing boundary check to grok_infnan

The grok_infnan() function was walking past the end of the string
while skipping over trailing '0' characters. This is another
variation of #17370.

(cherry picked from commit bbd8607595f9856d6e75ed63130034cf645feb4a)
---
 numeric.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/numeric.c b/numeric.c
index f063c648b6..0a3efb6df0 100644
--- a/numeric.c
+++ b/numeric.c
@@ -784,7 +784,7 @@ Perl_grok_infnan(pTHX_ const char** sp, const char* send)
                 s++; if (s == send || isALPHA_FOLD_NE(*s, 'Y')) return fail;
                 s++;
             } else if (odh) {
-                while (*s == '0') { /* 1.#INF00 */
+                while (s < send && *s == '0') { /* 1.#INF00 */
                     s++;
                 }
             }
@@ -798,10 +798,10 @@ Perl_grok_infnan(pTHX_ const char** sp, const char* send)
         else if (isALPHA_FOLD_EQ(*s, 'D') && odh) { /* 1.#IND */
             s++;
             flags |= IS_NUMBER_NAN | IS_NUMBER_NOT_INT;
-            while (*s == '0') { /* 1.#IND00 */
+            while (s < send && *s == '0') { /* 1.#IND00 */
                 s++;
             }
-            if (*s) {
+            if (s < send && *s) {
                 flags |= IS_NUMBER_TRAILING;
             }
         } else
-- 
cgit v1.2.1