* [PATCH] Fix array overflow in floating point parser
@ 2010-08-31 13:39 Andreas Schwab
0 siblings, 0 replies; only message in thread
From: Andreas Schwab @ 2010-08-31 13:39 UTC (permalink / raw)
To: libc-hacker
2010-08-31 Andreas Schwab <schwab@redhat.com>
[BZ #7066]
* stdlib/strtod_l.c (____STRTOF_INTERNAL): Fix array overflow when
shifting retval into place.
---
stdlib/strtod_l.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/stdlib/strtod_l.c b/stdlib/strtod_l.c
index cde1280..537d1fb 100644
--- a/stdlib/strtod_l.c
+++ b/stdlib/strtod_l.c
@@ -1491,7 +1491,9 @@ ____STRTOF_INTERNAL (nptr, endptr, group, loc)
register int i;
(void) __mpn_lshift (&retval[used
/ BITS_PER_MP_LIMB],
- retval, RETURN_LIMB_SIZE,
+ retval,
+ (RETURN_LIMB_SIZE
+ - used / BITS_PER_MP_LIMB),
used % BITS_PER_MP_LIMB);
for (i = used / BITS_PER_MP_LIMB - 1; i >= 0; --i)
retval[i] = 0;
--
1.7.2.2
--
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
"And now for something completely different."
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-08-31 13:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-31 13:39 [PATCH] Fix array overflow in floating point parser Andreas Schwab
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).