author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-07-01 06:39:17 +0900 |
---|---|---|
committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2022-04-12 21:30:49 +0900 |
commit | d0a822eec524522d81ffc7da2bb1baf906b0318a (patch) | |
tree | 3255a74577a649e963eb7a2dc244db6cfe7a2ad5 /missing | |
parent | cf2bbcfff2985c116552967c7c4522f4630f2d18 (diff) | |
download | ruby-d0a822eec524522d81ffc7da2bb1baf906b0318a.tar.gz |
Fix dtoa buffer overrun
https://hackerone.com/reports/1248108
Diffstat (limited to 'missing')
-rw-r--r-- | missing/dtoa.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/missing/dtoa.c b/missing/dtoa.c
index a940eabd91..b7a8302875 100644
--- a/missing/dtoa.c
+++ b/missing/dtoa.c
@@ -1552,6 +1552,7 @@ break2:
 if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
 if (*s == '0') {
 while (*++s == '0');
+ if (!*s) goto ret;
 s1 = strchr(hexdigit, *s);
 }
 if (s1 != NULL) {
@@ -1574,7 +1575,7 @@ break2:
 for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
 adj += aadj * ((s1 - hexdigit) & 15);
 if ((aadj /= 16) == 0.0) {
- while (strchr(hexdigit, *++s));
+ while (*++s && strchr(hexdigit, *s));
 break;
 }
 }
|
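Review bot: The added `if (!*s) goto ret;` carries no comment, and the reason it is needed is easy to miss: `strchr(hexdigit, *s)` returns a non-NULL pointer to hexdigit's own terminator when `*s` is NUL, so without the guard the following `if (s1 != NULL)` branch would treat end-of-string as a digit. I would put `/* strchr() also matches the terminating NUL; stop here instead of consuming it as a digit */` above the new line. It also jumps to `ret` where the check two lines earlier uses `ret0`; neither label is visible in the hunk, so please confirm `ret` yields zero with the end pointer at `s` for an all-zero mantissa. A regression test for that input shape is not in this commit (the diffstat lists only missing/dtoa.c). The enclosing function starts and ends outside the hunk.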
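Review bot: The NUL guard is now spelled out by hand at each `strchr(hexdigit, …)` call in this function (`*s &&` in the `for` condition, `*++s &&` in the rewritten `while`, and the separate `if (!*s)` in the first hunk), which is the pattern that let the original overrun slip in. A single helper would make the safe form the only form, e.g. `static const char *hexdigit_at(int c) { return c ? strchr(hexdigit, c) : NULL; }` (return type to match `s1`, whose declaration is outside the hunk). Any remaining bare `strchr(hexdigit, …)` calls elsewhere in the file, which I cannot see from here, would be worth checking against the same case.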