[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] GNU Guile branch, master, updated. release_1-9-1-27-gee0
|
From: |
Andy Wingo |
|
Subject: |
[Guile-commits] GNU Guile branch, master, updated. release_1-9-1-27-gee0ddd2 |
|
Date: |
Tue, 04 Aug 2009 18:28:45 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Guile".
http://git.savannah.gnu.org/cgit/guile.git/commit/?id=ee0ddd21211757664092eaec631c4c76f4aae74f
The branch, master has been updated
via ee0ddd21211757664092eaec631c4c76f4aae74f (commit)
from a876e7dcea78e770bedba40017fbb225cf88bff5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ee0ddd21211757664092eaec631c4c76f4aae74f
Author: Andy Wingo <address@hidden>
Date: Tue Aug 4 20:29:09 2009 +0200
fix buffer overrun reading partial numbers: 1.0f, 1.0/, and 1.0+
* libguile/numbers.c (mem2decimal_from_point, mem2ureal, mem2complex):
Fix a number of cases where, for invalid numbers, we could read past
the end of the buffer. This happened in e.g. "1.0+", "1/" and "1.0f".
But I couldn't figure out how to test for these, given that the
behavior depended on the contents of uninitialized memory in the
reader buffer. We'll just have to be happy with this.
Thanks to Kjetil S. Matheussen for the report.
-----------------------------------------------------------------------
Summary of changes:
libguile/numbers.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/libguile/numbers.c b/libguile/numbers.c
index 5f56b7a..b4bff81 100644
--- a/libguile/numbers.c
+++ b/libguile/numbers.c
@@ -2657,17 +2657,26 @@ mem2decimal_from_point (SCM result, const char* mem,
size_t len,
case 'l': case 'L':
case 's': case 'S':
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
+
start = idx;
c = mem[idx];
if (c == '-')
{
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
+
sign = -1;
c = mem[idx];
}
else if (c == '+')
{
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
+
sign = 1;
c = mem[idx];
}
@@ -2783,8 +2792,10 @@ mem2ureal (const char* mem, size_t len, unsigned int
*p_idx,
SCM divisor;
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
- divisor = mem2uinteger (mem, len, &idx, radix, &x);
+ divisor = mem2uinteger (mem, len, &idx, radix, &x);
if (scm_is_false (divisor))
return SCM_BOOL_F;
@@ -2905,11 +2916,15 @@ mem2complex (const char* mem, size_t len, unsigned int
idx,
if (c == '+')
{
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
sign = 1;
}
else if (c == '-')
{
idx++;
+ if (idx == len)
+ return SCM_BOOL_F;
sign = -1;
}
else
hooks/post-receive
--
GNU Guile
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Guile-commits] GNU Guile branch, master, updated. release_1-9-1-27-gee0ddd2,
Andy Wingo <=