From 69f9992ed41920389d4185141a14f02f89a4d306 Mon Sep 17 00:00:00 2001
From: usa
Date: Tue, 12 Apr 2022 11:49:45 +0000
Subject: Fix dtoa buffer overrun
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/ruby/test_float.rb | 18 ++++++++++++++++++
 util.c | 3 ++-
 version.h | 2 +-
 3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
index 3453440694..0b2e4df05b 100644
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
 assert_raise(ArgumentError, n += z + "A") {Float(n)}
 assert_raise(ArgumentError, n += z + ".0") {Float(n)}
 end
+
+ x = nil
+ 2000.times do
+ x = Float("0x"+"0"*30)
+ break unless x == 0.0
+ end
+ assert_equal(0.0, x, ->{"%a" % x})
+ x = nil
+ 2000.times do
+ begin
+ x = Float("0x1."+"0"*270)
+ rescue ArgumentError => e
+ raise unless /"0x1\.0{270}"/ =~ e.message
+ else
+ break
+ end
+ end
+ assert_nil(x, ->{"%a" % x})
 end
 def test_divmod
diff --git a/util.c b/util.c
index 7c83b50b8b..814404fdf1 100644
--- a/util.c
+++ b/util.c
@@ -2081,6 +2081,7 @@ break2:
 if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
 if (*s == '0') {
 while (*++s == '0');
+ if (!*s) goto ret;
 s1 = strchr(hexdigit, *s);
 }
 if (s1 != NULL) {
@@ -2103,7 +2104,7 @@ break2:
 for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
 adj += aadj * ((s1 - hexdigit) & 15);
 if ((aadj /= 16) == 0.0) {
- while (strchr(hexdigit, *++s));
+ while (*++s && strchr(hexdigit, *s));
 break;
 }
 }
diff --git a/version.h b/version.h
index 466a558e6e..e60fbb787f 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.6.10"
 #define RUBY_RELEASE_DATE "2022-04-12"
-#define RUBY_PATCHLEVEL 209
+#define RUBY_PATCHLEVEL 210
 #define RUBY_RELEASE_YEAR 2022
 #define RUBY_RELEASE_MONTH 4
-- cgit v1.2.1
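Review bot: The two `2000.times` loops added at the end of this test in test/ruby/test_float.rb carry no comment saying why each parse is repeated, and the enclosing test method starts outside the hunk, so a reader cannot tell from here what they guard. Presumably the repetition is there because a read past the end of the string only changes the result when the adjacent memory happens to hold bytes that look like hex digits; a comment such as `# repeat: an over-read past the string's end only shows up when the following bytes look like hex digits` above each loop would record that. It would also help to state next to `assert_nil(x, ...)` that the second input is expected to raise ArgumentError on every iteration, since `x` stays nil only in that case.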
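Review bot: Both util.c hunks fix the same root cause without naming it: `strchr(hexdigit, *s)` returns a non-NULL pointer when `*s` is the terminating NUL, so it cannot double as an end-of-string test, and the added `if (!*s) goto ret;` (hunk at 2081) and `while (*++s && strchr(hexdigit, *s));` (hunk at 2104) read as ad hoc guards. I would add a comment at the first site, `/* strchr() also matches the terminating NUL; check *s before each lookup */`, so that later edits to this hex-float parser keep the guard. The first hunk leaves through `ret` while the empty-digit check just above it uses `ret0`; both labels are outside the hunk, so it is worth confirming that `ret` yields the intended zero result and end pointer for an all-zero input such as the one in the new test. The enclosing function starts and ends outside both hunks.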