Skip to content

Commit 57e1732

Browse files
author
Charlie Somerville
committed
prevent segv when parsing a large float
1 parent 3860acb commit 57e1732

File tree

1 file changed

+12
-1
lines changed

1 file changed

+12
-1
lines changed

util.c

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -716,6 +716,12 @@ extern void *MALLOC(size_t);
716716
#define MALLOC malloc
717717
#endif
718718

719+
#ifdef FREE
720+
extern void FREE(void*);
721+
#else
722+
#define FREE free
723+
#endif
724+
719725
#ifndef Omit_Private_Memory
720726
#ifndef PRIVATE_MEM
721727
#define PRIVATE_MEM 2304
@@ -1005,7 +1011,7 @@ Balloc(int k)
10051011
#endif
10061012

10071013
ACQUIRE_DTOA_LOCK(0);
1008-
if ((rv = freelist[k]) != 0) {
1014+
if (k <= Kmax && (rv = freelist[k]) != 0) {
10091015
freelist[k] = rv->next;
10101016
}
10111017
else {
@@ -1034,6 +1040,10 @@ static void
10341040
Bfree(Bigint *v)
10351041
{
10361042
if (v) {
1043+
if (v->k > Kmax) {
1044+
FREE(v);
1045+
return;
1046+
}
10371047
ACQUIRE_DTOA_LOCK(0);
10381048
v->next = freelist[v->k];
10391049
freelist[v->k] = v;
@@ -2097,6 +2107,7 @@ ruby_strtod(const char *s00, char **se)
20972107
for (; c >= '0' && c <= '9'; c = *++s) {
20982108
have_dig:
20992109
nz++;
2110+
if (nf > DBL_DIG * 2) continue;
21002111
if (c -= '0') {
21012112
nf += nz;
21022113
for (i = 1; i < nz; i++)

0 commit comments

Comments
 (0)