[Webkit-unassigned] [Bug 25857] new dtoa.cpp strict-aliasing issues with gcc 4.4
bugzilla-daemon at webkit.org
Tue Jun 30 05:20:32 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=25857
------- Comment #6 from benl at google.com 2009-06-30 05:20 PDT -------
Index: wtf/dtoa.cpp
===================================================================
--- wtf/dtoa.cpp (revision 45352)
+++ wtf/dtoa.cpp (working copy)
@@ -1876,9 +1876,15 @@
/* Infinity or NaN */
*decpt = 9999;
if (!word1(&u) && !(word0(&u) & 0xfffff))
- strcpy(result, "Infinity");
- else
- strcpy(result, "NaN");
+ {
+ strncpy(result, "Infinity", ndigits);
+ result[ndigits] = '\0';
+ }
+ else
+ {
+ strncpy(result, "NaN", ndigits);
+ result[ndigits] = '\0';
+ }
return;
}
if (!dval(&u)) {
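Review bot: In both new branches, `result[ndigits] = '\0';` stores at index ndigits, one byte past the ndigits bytes that strncpy is limited to, so the overflow is only closed if result is guaranteed to hold at least ndigits + 1 bytes, and nothing in this hunk shows that. If ndigits is the size of the buffer, the copy should be bounded by ndigits - 1 and the terminator written at `result[ndigits - 1]`, with a check for ndigits being zero or negative (if it can be) before either call. Separately, a small ndigits now produces a truncated string such as "Infin" or "Na", so any caller that compares the result against "Infinity" or "NaN" needs checking, and the two branches could share one bounded-copy helper instead of repeating the pair of statements.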
Index: ChangeLog
===================================================================
--- ChangeLog (revision 45352)
+++ ChangeLog (working copy)
@@ -1,3 +1,14 @@
+2009-06-26 Ben Laurie <benl at google.com>
+
+ Reviewed by NOBODY.
+
+ <https://bugs.webkit.org/show_bug.cgi?id=25857>
+
+ If dtoa was given a small buffer and the number was either
+ infinite or NaN, then the buffer would be overflowed.
+
+ * wtf/dtoa.cpp:
+
2009-06-26 Oliver Hunt <oliver at apple.com>
Reviewed by Dan Bernstein.
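Review bot: The `* wtf/dtoa.cpp:` line in the new entry is left empty; it should name the function touched and state that the "Infinity"/"NaN" copy is now bounded by ndigits. The description says the buffer "would be overflowed" but does not mention that the output can now be truncated for small buffers, which is the behaviour change a later reader of the ChangeLog will need to know about.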