From d6e70f4368533224e66d10b7f2126b899a3fd5e4 Mon Sep 17 00:00:00 2001
From: Joseph Myers
Date: Mon, 27 Aug 2012 15:59:24 +0000
Subject: Fix strtod integer/buffer overflow (bug 14459).
---
stdlib/tst-strtod-overflow.c | 48 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 stdlib/tst-strtod-overflow.c
(limited to 'stdlib/tst-strtod-overflow.c')
diff --git a/stdlib/tst-strtod-overflow.c b/stdlib/tst-strtod-overflow.c
new file mode 100644
index 0000000000..668d55ba10
--- /dev/null
+++ b/stdlib/tst-strtod-overflow.c
@@ -0,0 +1,48 @@
+/* Test for integer/buffer overflow in strtod.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ . */
+
+#include
+#include
+#include
+
+#define EXPONENT "e-2147483649"
+#define SIZE 214748364
+
+static int
+do_test (void)
+{
+ char *p = malloc (1 + SIZE + sizeof (EXPONENT));
+ if (p == NULL)
+ {
+ puts ("malloc failed, cannot test for overflow");
+ return 0;
+ }
+ p[0] = '1';
+ memset (p + 1, '0', SIZE);
+ memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT));
+ double d = strtod (p, NULL);
+ if (d != 0)
+ {
+ printf ("strtod returned wrong value: %a\n", d);
+ return 1;
+ }
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
-- cgit v1.2.3
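Review bot: The `p == NULL` branch in `do_test` returns 0, so on a host that cannot satisfy the roughly 205 MB `malloc` this regression test for bug 14459 is recorded as a pass although `strtod` was never called. At minimum I would say so at that `return 0;` with `/* Reported as a pass even though the overflow check did not run.  */`, and return a distinct "not run" status instead if test-skeleton.c provides one (not visible here). The success check `if (d != 0)` looks only at the return value; setting `errno = 0;` before the call and also requiring `errno == ERANGE` afterwards (with `<errno.h>` included) would pin the expected underflow more tightly, assuming strtod reports underflow to zero that way. The two macros also deserve a comment such as `/* For 32-bit int, SIZE is INT_MAX / 10 and the exponent is INT_MIN - 1.  */` so the values are not later "simplified" into ones that no longer reach the int limits.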