
[Guile-commits] GNU Guile branch, branch_release-1-8, updated. release_1


From: Andy Wingo
Subject: [Guile-commits] GNU Guile branch, branch_release-1-8, updated. release_1-8-7-1-gd8dd381
Date: Tue, 04 Aug 2009 18:37:19 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Guile".

http://git.savannah.gnu.org/cgit/guile.git/commit/?id=d8dd381fa781c236ae777ca1ac55b73d3ca91c2a

The branch, branch_release-1-8 has been updated
       via  d8dd381fa781c236ae777ca1ac55b73d3ca91c2a (commit)
      from  240a7800d018bce0bd041d801c3a8c139cdd2f61 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d8dd381fa781c236ae777ca1ac55b73d3ca91c2a
Author: Andy Wingo <address@hidden>
Date:   Tue Aug 4 20:29:09 2009 +0200

    fix buffer overrun reading partial numbers: 1.0f, 1.0/, and 1.0+
    
    * libguile/numbers.c (mem2decimal_from_point, mem2ureal, mem2complex):
      Fix a number of cases where, for invalid numbers, we could read past
      the end of the buffer. This happened in e.g. "1.0+", "1/" and "1.0f".
      But I couldn't figure out how to test for these, given that the
      behavior depended on the contents of uninitialized memory in the
      reader buffer. We'll just have to be happy with this.
    
    Thanks to Kjetil S. Matheussen for the report.

-----------------------------------------------------------------------

Summary of changes:
 libguile/numbers.c |   17 ++++++++++++++++-
 1 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/libguile/numbers.c b/libguile/numbers.c
index 2e1635f..9190876 100644
--- a/libguile/numbers.c
+++ b/libguile/numbers.c
@@ -2663,17 +2663,26 @@ mem2decimal_from_point (SCM result, const char* mem, 
size_t len,
        case 'l': case 'L':
        case 's': case 'S':
          idx++;
+          if (idx == len)
+            return SCM_BOOL_F;
+
          start = idx;
          c = mem[idx];
          if (c == '-')
            {
              idx++;
+              if (idx == len)
+                return SCM_BOOL_F;
+
              sign = -1;
              c = mem[idx];
            }
          else if (c == '+')
            {
              idx++;
+              if (idx == len)
+                return SCM_BOOL_F;
+
              sign = 1;
              c = mem[idx];
            }
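Review bot: the guard `if (idx == len) return SCM_BOOL_F;` is now written out three times in this exponent branch of mem2decimal_from_point, once after the exponent marker and once in each sign arm, each time between an `idx++` and the `c = mem[idx]` read it protects. Folding the increment and the check into one small helper or macro would make it harder for a later edit to add another read without its check. Comparing with `idx >= len` rather than `==` would also fail closed if idx ever arrived here already past the end.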
@@ -2789,8 +2798,10 @@ mem2ureal (const char* mem, size_t len, unsigned int 
*p_idx,
          SCM divisor;
 
          idx++;
+          if (idx == len)
+            return SCM_BOOL_F;
 
-         divisor = mem2uinteger (mem, len, &idx, radix, &x);
+          divisor = mem2uinteger (mem, len, &idx, radix, &x);
          if (scm_is_false (divisor))
            return SCM_BOOL_F;
 
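Review bot: in mem2ureal the new `idx == len` check sits in front of `mem2uinteger (mem, len, &idx, radix, &x)`, a callee that is already handed len, which suggests mem2uinteger expects idx < len on entry and does not check it itself. Consider moving the check into mem2uinteger so every caller is covered, or adding a comment there that states the precondition. The `divisor = ...` line changes only in indentation; a whitespace fix like that is easier to review in its own commit, separate from the overrun fix.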
@@ -2911,11 +2922,15 @@ mem2complex (const char* mem, size_t len, unsigned int 
idx,
              if (c == '+')
                {
                  idx++;
+                  if (idx == len)
+                    return SCM_BOOL_F;
                  sign = 1;
                }
              else if (c == '-')
                {
                  idx++;
+                  if (idx == len)
+                    return SCM_BOOL_F;
                  sign = -1;
                }
              else
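Review bot: the two guards in the sign arms of mem2complex have no test, and the commit message says none could be written because the old behaviour depended on uninitialized memory. With these checks in place, inputs such as "1.0+" now reach a deterministic `return SCM_BOOL_F;` here, so a regression test that pins that result is possible, and running the reader tests under a memory checker would cover the overread itself. As a style point, the returns in this hunk are not followed by the blank line used after the same guard in mem2decimal_from_point; pick one form.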


hooks/post-receive
-- 
GNU Guile



