diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-10 21:54:07 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-10 21:54:07 +0200 |
commit | 677b2e8fe8187f3ba981dc97f65e75fec2dec62c (patch) | |
tree | d308fac2b32a41e0abd157c0d7c8c983ef0973df | |
parent | 075b6087785d7ba3dd6904f117ef9d0b9aa36a2b (diff) | |
download | libxslt-677b2e8fe8187f3ba981dc97f65e75fec2dec62c.tar.gz |
numbers: Fix floating point overflow in xsltFormatNumberConversion
Found by OSS-Fuzz.
-rw-r--r-- | libxslt/numbers.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libxslt/numbers.c b/libxslt/numbers.c index e0ae6259..1764abba 100644 --- a/libxslt/numbers.c +++ b/libxslt/numbers.c @@ -965,6 +965,7 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, xmlChar *the_format, *prefix = NULL, *suffix = NULL; xmlChar *nprefix, *nsuffix = NULL; int prefix_length, suffix_length = 0, nprefix_length, nsuffix_length; + int exp10; double scale; int j, len = 0; int self_grouping_len; @@ -1303,7 +1304,18 @@ OUTPUT_NUMBER: /* Round to n digits */ number = fabs(number); - scale = pow(10.0, (double)(format_info.frac_digits + format_info.frac_hash)); + exp10 = format_info.frac_digits + format_info.frac_hash; + /* DBL_MAX_10_EXP should be 308 on IEEE platforms. */ + if (exp10 > DBL_MAX_10_EXP) { + if (format_info.frac_digits > DBL_MAX_10_EXP) { + format_info.frac_digits = DBL_MAX_10_EXP; + format_info.frac_hash = 0; + } else { + format_info.frac_hash = DBL_MAX_10_EXP - format_info.frac_digits; + } + exp10 = DBL_MAX_10_EXP; + } + scale = pow(10.0, (double) exp10); number += .5 / scale; number -= fmod(number, 1 / scale); |