Fix dtoa buffer overrun

2022-11-09 12:17:21 -05:00 · 2022-04-12 20:25:48 +09:00 · 2022-04-12 20:25:48 +09:00 · c9c2245c0a
commit c9c2245c0a
parent 389723d854
3 changed files with 22 additions and 3 deletions
--- a/missing/dtoa.c
+++ b/missing/dtoa.c
@ -1500,6 +1500,7 @@ break2:
 	    if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
 	    if (*s == '0') {
 		while (*++s == '0');
 		if (!*s) goto ret;
 		s1 = strchr(hexdigit, *s);
 	    }
 	    if (s1 != NULL) {
@ -1522,7 +1523,7 @@ break2:
 		for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
 		    adj += aadj * ((s1 - hexdigit) & 15);
 		    if ((aadj /= 16) == 0.0) {
-			while (strchr(hexdigit, *++s));
+			while (*++s && strchr(hexdigit, *s));
 			break;
 		    }
 		}
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
      assert_raise(ArgumentError, n += z + "A") {Float(n)}
      assert_raise(ArgumentError, n += z + ".0") {Float(n)}
    end
    x = nil
    2000.times do
      x = Float("0x"+"0"*30)
      break unless x == 0.0
    end
    assert_equal(0.0, x, ->{"%a" % x})
    x = nil
    2000.times do
      begin
        x = Float("0x1."+"0"*270)
      rescue ArgumentError => e
        raise unless /"0x1\.0{270}"/ =~ e.message
      else
        break
      end
    end
    assert_nil(x, ->{"%a" % x})
  end
  def test_divmod
--- a/version.h
+++ b/version.h
@ -2,11 +2,11 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 6
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 218
+#define RUBY_PATCHLEVEL 219
 #define RUBY_RELEASE_YEAR 2022
 #define RUBY_RELEASE_MONTH 4
-#define RUBY_RELEASE_DAY 7
+#define RUBY_RELEASE_DAY 12
 #include "ruby/version.h"