summary refs log tree commit diff
path: root/stdlib/tst-strtod-overflow.c
diff options
context:
space:
mode:
authorJoseph Myers <joseph@codesourcery.com>2012-08-27 15:59:24 +0000
committerJoseph Myers <joseph@codesourcery.com>2012-08-27 15:59:24 +0000
commitd6e70f4368533224e66d10b7f2126b899a3fd5e4 (patch)
treef4dbf0ac00306d6466cc7a965ce69286d36c7999 /stdlib/tst-strtod-overflow.c
parent1f529f7d8456f09109a8e942581f89f10a901ed0 (diff)
downloadglibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.tar.gz
glibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.tar.xz
glibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.zip
Fix strtod integer/buffer overflow (bug 14459).
Diffstat (limited to 'stdlib/tst-strtod-overflow.c')
-rw-r--r--stdlib/tst-strtod-overflow.c48
1 files changed, 48 insertions, 0 deletions
diff --git a/stdlib/tst-strtod-overflow.c b/stdlib/tst-strtod-overflow.c
new file mode 100644
index 0000000000..668d55ba10
--- /dev/null
+++ b/stdlib/tst-strtod-overflow.c
@@ -0,0 +1,48 @@
+/* Test for integer/buffer overflow in strtod.
+   Copyright (C) 2012 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define EXPONENT "e-2147483649"
+#define SIZE 214748364
+
+static int
+do_test (void)
+{
+  char *p = malloc (1 + SIZE + sizeof (EXPONENT));
+  if (p == NULL)
+    {
+      puts ("malloc failed, cannot test for overflow");
+      return 0;
+    }
+  p[0] = '1';
+  memset (p + 1, '0', SIZE);
+  memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT));
+  double d = strtod (p, NULL);
+  if (d != 0)
+    {
+      printf ("strtod returned wrong value: %a\n", d);
+      return 1;
+    }
+  return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"