This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] Fix array overflow in floating point parser

From: Andreas Schwab <schwab at redhat dot com>
To: libc-hacker at sourceware dot org
Date: Tue, 31 Aug 2010 15:39:37 +0200
Subject: [PATCH] Fix array overflow in floating point parser

2010-08-31  Andreas Schwab  <schwab@redhat.com>

	[BZ #7066]
	* stdlib/strtod_l.c (____STRTOF_INTERNAL): Fix array overflow when
	shifting retval into place.
---
 stdlib/strtod_l.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/stdlib/strtod_l.c b/stdlib/strtod_l.c
index cde1280..537d1fb 100644
--- a/stdlib/strtod_l.c
+++ b/stdlib/strtod_l.c
@@ -1491,7 +1491,9 @@ ____STRTOF_INTERNAL (nptr, endptr, group, loc)
 			  register int i;
 			  (void) __mpn_lshift (&retval[used
 						       / BITS_PER_MP_LIMB],
-					       retval, RETURN_LIMB_SIZE,
+					       retval,
+					       (RETURN_LIMB_SIZE
+						- used / BITS_PER_MP_LIMB),
 					       used % BITS_PER_MP_LIMB);
 			  for (i = used / BITS_PER_MP_LIMB - 1; i >= 0; --i)
 			    retval[i] = 0;
-- 
1.7.2.2


-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]