ref: 25821e6d74fab5fcc200fe5e818362e03e114428
parent: 4d45a96e57fbabf00a7378b337d0ddcace6f38c1
author: Tor Andersson <tor.andersson@artifex.com>
date: Wed Jan 24 11:55:18 EST 2018
Fix 698920: Guard jsdtoa from integer overflow wreaking havoc.
--- a/jsdtoa.c
+++ b/jsdtoa.c
@@ -709,15 +709,19 @@
* fraction.
*/
- if (exp < 0) {+ if (exp < -maxExponent) {+ exp = maxExponent;
expSign = TRUE;
+ errno = ERANGE;
+ } else if (exp > maxExponent) {+ exp = maxExponent;
+ expSign = FALSE;
+ errno = ERANGE;
+ } else if (exp < 0) {+ expSign = TRUE;
exp = -exp;
} else {expSign = FALSE;
- }
- if (exp > maxExponent) {- exp = maxExponent;
- errno = ERANGE;
}
dblExp = 1.0;
for (d = powersOf10; exp != 0; exp >>= 1, d += 1) {