diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2020-03-04 13:59:52 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2020-03-04 16:37:57 +0100 |
| commit | 3820a5c093bcc69e277e6326464749c151031046 (patch) | |
| tree | c02c8bea356839414f0c739835280d43e2911ddb | |
| parent | dc05428405fb96f28b2d7c7bcfa9033f3f5248a3 (diff) | |
ofz#21036: Avoid UBSan signed-integer-overflow in external/dtoa
> workdir/UnpackedTarball/dtoa/src/dtoa.c:3624:12: runtime error: signed integer overflow: 10 * 858993459 cannot be represented in type 'int'
> #0 in strtod_nolocale at workdir/UnpackedTarball/dtoa/src/dtoa.c:3624:12 (instdir/program/libuno_sal.so.3 +0x55286d)
> #1 in double (anonymous namespace)::stringToDouble<char16_t>(char16_t const*, char16_t const*, char16_t, char16_t, rtl_math_ConversionStatus*, char16_t const**) at sal/rtl/math.cxx:976:20 (instdir/program/libuno_sal.so.3 +0x3b5f0e)
> #2 in rtl_math_uStringToDouble at sal/rtl/math.cxx:1028:12 (instdir/program/libuno_sal.so.3 +0x3b1714)
[...]
Change-Id: If24fca1fb4829ddd763c9920a1af9a90dc2b138c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89966
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
| -rw-r--r-- | external/dtoa/UnpackedTarball_dtoa.mk | 1 | ||||
| -rw-r--r-- | external/dtoa/ubsan.patch.0 | 11 | ||||
| -rw-r--r-- | sal/qa/rtl/math/test-rtl-math.cxx | 5 |
3 files changed, 17 insertions, 0 deletions
diff --git a/external/dtoa/UnpackedTarball_dtoa.mk b/external/dtoa/UnpackedTarball_dtoa.mk index d0173408ce79..bc4fe55b5a7e 100644 --- a/external/dtoa/UnpackedTarball_dtoa.mk +++ b/external/dtoa/UnpackedTarball_dtoa.mk @@ -16,6 +16,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,dtoa,1)) $(eval $(call gb_UnpackedTarball_add_patches,dtoa, \ external/dtoa/include_header.patch \ external/dtoa/coverity.patch \ + external/dtoa/ubsan.patch.0 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/dtoa/ubsan.patch.0 b/external/dtoa/ubsan.patch.0 new file mode 100644 index 000000000000..de39d41aca68 --- /dev/null +++ b/external/dtoa/ubsan.patch.0 @@ -0,0 +1,11 @@ +--- src/dtoa.c ++++ src/dtoa.c +@@ -3618,7 +3618,7 @@ + while(c == '0') + c = *++s; + if (c > '0' && c <= '9') { +- L = c - '0'; ++ ULong L = c - '0'; + s1 = s; + while((c = *++s) >= '0' && c <= '9') + L = 10*L + c - '0'; diff --git a/sal/qa/rtl/math/test-rtl-math.cxx b/sal/qa/rtl/math/test-rtl-math.cxx index 5dab92b81ba8..af45eded639e 100644 --- a/sal/qa/rtl/math/test-rtl-math.cxx +++ b/sal/qa/rtl/math/test-rtl-math.cxx @@ -180,6 +180,11 @@ public: CPPUNIT_ASSERT_EQUAL(rtl_math_ConversionStatus_Ok, status); CPPUNIT_ASSERT_EQUAL(sal_Int32(9), end); CPPUNIT_ASSERT_EQUAL(1E308, res); + + res = rtl::math::stringToDouble(OUString("1E8589934590"), '.', ',', &status, &end); + CPPUNIT_ASSERT_EQUAL(rtl_math_ConversionStatus_OutOfRange, status); + CPPUNIT_ASSERT_EQUAL(sal_Int32(12), end); + CPPUNIT_ASSERT_EQUAL(std::numeric_limits<double>::infinity(), res); } void test_stringToDouble_bad() { |