Fix dtoa buffer overrun

https://hackerone.com/reports/1248108
author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2021-07-01 06:39:17 +0900
committer: Nobuyoshi Nakada <nobu@ruby-lang.org> 2022-04-12 21:30:49 +0900
commit: d0a822eec524522d81ffc7da2bb1baf906b0318a (patch)
tree: 3255a74577a649e963eb7a2dc244db6cfe7a2ad5 /missing
parent: cf2bbcfff2985c116552967c7c4522f4630f2d18 (diff)
download: ruby-d0a822eec524522d81ffc7da2bb1baf906b0318a.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/missing/dtoa.c b/missing/dtoa.c
index a940eabd91..b7a8302875 100644
--- a/missing/dtoa.c
+++ b/missing/dtoa.c
@@ -1552,6 +1552,7 @@ break2:
 	    if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
 	    if (*s == '0') {
 		while (*++s == '0');
+		if (!*s) goto ret;
 		s1 = strchr(hexdigit, *s);
 	    }
 	    if (s1 != NULL) {
@@ -1574,7 +1575,7 @@ break2:
 		for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
 		    adj += aadj * ((s1 - hexdigit) & 15);
 		    if ((aadj /= 16) == 0.0) {
-			while (strchr(hexdigit, *++s));
+			while (*++s && strchr(hexdigit, *s));
 			break;
 		    }
 		}
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2021-07-01 06:39:17 +0900
committer	Nobuyoshi Nakada <nobu@ruby-lang.org>	2022-04-12 21:30:49 +0900
commit	d0a822eec524522d81ffc7da2bb1baf906b0318a (patch)
tree	3255a74577a649e963eb7a2dc244db6cfe7a2ad5 /missing
parent	cf2bbcfff2985c116552967c7c4522f4630f2d18 (diff)
download	ruby-d0a822eec524522d81ffc7da2bb1baf906b0318a.tar.gz