Fix dtoa buffer overrun

https://hackerone.com/reports/1248108
Merged: https://github.com/ruby/ruby/pull/5794
2025-08-15 13:39:04 +02:00 · 2021-07-01 06:39:17 +09:00 · 2021-07-01 06:39:17 +09:00 · d0a822eec5 · 2022-04-12 21:31:09 +09:00
commit d0a822eec5
parent cf2bbcfff2
2 changed files with 20 additions and 1 deletions
--- a/missing/dtoa.c
+++ b/missing/dtoa.c
@ -1552,6 +1552,7 @@ break2:
 	    if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
 	    if (*s == '0') {
 		while (*++s == '0');
+		if (!*s) goto ret;
 		s1 = strchr(hexdigit, *s);
 	    }
 	    if (s1 != NULL) {
@ -1574,7 +1575,7 @@ break2:
 		for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
 		    adj += aadj * ((s1 - hexdigit) & 15);
 		    if ((aadj /= 16) == 0.0) {
-			while (strchr(hexdigit, *++s));
+			while (*++s && strchr(hexdigit, *s));
 			break;
 		    }
 		}