diff options
| author | Alan Modra <amodra@gmail.com> | 2022-06-02 18:28:57 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2022-06-02 18:28:57 +0930 |
| commit | b038f394a9fb41b3bc45a55e6bffac5bac9fe9ef (patch) | |
| tree | 9f58bb405bdc12224d4f36cf715db77bace2816c /gas | |
| parent | ee6cbff21381025f988457d9481d5b3b8d05bb72 (diff) | |
| download | binutils-gdb-b038f394a9fb41b3bc45a55e6bffac5bac9fe9ef.tar.gz | |
ubsan: signed integer overflow in atof_generic
Fix the signed overflows by using unsigned variables and detect
overflow at BUG! comment.
* atof-generic.c (atof_generic): Avoid signed integer overflow.
Return ERROR_EXPONENT_OVERFLOW if exponent overflows a long.
Diffstat (limited to 'gas')
| -rw-r--r-- | gas/atof-generic.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/gas/atof-generic.c b/gas/atof-generic.c index c3f818d9489..91583194868 100644 --- a/gas/atof-generic.c +++ b/gas/atof-generic.c @@ -72,11 +72,11 @@ atof_generic (/* return pointer to just AFTER number we read. */ const char *string_of_decimal_exponent_marks, FLONUM_TYPE *address_of_generic_floating_point_number) { - int return_value; /* 0 means OK. */ + int return_value = 0; /* 0 means OK. */ char *first_digit; unsigned int number_of_digits_before_decimal; unsigned int number_of_digits_after_decimal; - long decimal_exponent; + unsigned long decimal_exponent; unsigned int number_of_digits_available; char digits_sign_char; @@ -204,7 +204,7 @@ atof_generic (/* return pointer to just AFTER number we read. */ deleting zeros after decimal. In this case the decimal mark and the first zero digits after decimal mark are skipped. */ seen_significant_digit = 0; - signed long subtract_decimal_exponent = 0; + unsigned long subtract_decimal_exponent = 0; if (c && IS_DECIMAL_MARK (c)) { @@ -300,10 +300,11 @@ atof_generic (/* return pointer to just AFTER number we read. */ { if (ISDIGIT (c)) { + if (decimal_exponent > LONG_MAX / 10 + || (decimal_exponent == LONG_MAX / 10 + && c > '0' + (char) (LONG_MAX - LONG_MAX / 10 * 10))) + return_value = ERROR_EXPONENT_OVERFLOW; decimal_exponent = decimal_exponent * 10 + c - '0'; - /* - * BUG! If we overflow here, we lose! - */ } else { @@ -327,7 +328,6 @@ atof_generic (/* return pointer to just AFTER number we read. */ number_of_digits_available = number_of_digits_before_decimal + number_of_digits_after_decimal; - return_value = 0; if (number_of_digits_available == 0) { address_of_generic_floating_point_number->exponent = 0; /* Not strictly necessary */ @@ -505,7 +505,7 @@ atof_generic (/* return pointer to just AFTER number we read. */ size_of_power_in_littlenums = precision; /* Precision has a built-in fudge factor so we get a few guard bits. */ - decimal_exponent_is_negative = decimal_exponent < 0; + decimal_exponent_is_negative = (long) decimal_exponent < 0; if (decimal_exponent_is_negative) { decimal_exponent = -decimal_exponent; |