diff options
author | Joseph Myers <joseph@codesourcery.com> | 2012-08-27 15:59:24 +0000 |
---|---|---|
committer | Joseph Myers <joseph@codesourcery.com> | 2012-08-27 15:59:24 +0000 |
commit | d6e70f4368533224e66d10b7f2126b899a3fd5e4 (patch) | |
tree | f4dbf0ac00306d6466cc7a965ce69286d36c7999 /stdlib/tst-strtod-overflow.c | |
parent | 1f529f7d8456f09109a8e942581f89f10a901ed0 (diff) | |
download | glibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.tar.gz glibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.tar.xz glibc-d6e70f4368533224e66d10b7f2126b899a3fd5e4.zip |
Fix strtod integer/buffer overflow (bug 14459).
Diffstat (limited to 'stdlib/tst-strtod-overflow.c')
-rw-r--r-- | stdlib/tst-strtod-overflow.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/stdlib/tst-strtod-overflow.c b/stdlib/tst-strtod-overflow.c new file mode 100644 index 0000000000..668d55ba10 --- /dev/null +++ b/stdlib/tst-strtod-overflow.c @@ -0,0 +1,48 @@ +/* Test for integer/buffer overflow in strtod. + Copyright (C) 2012 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#define EXPONENT "e-2147483649" +#define SIZE 214748364 + +static int +do_test (void) +{ + char *p = malloc (1 + SIZE + sizeof (EXPONENT)); + if (p == NULL) + { + puts ("malloc failed, cannot test for overflow"); + return 0; + } + p[0] = '1'; + memset (p + 1, '0', SIZE); + memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT)); + double d = strtod (p, NULL); + if (d != 0) + { + printf ("strtod returned wrong value: %a\n", d); + return 1; + } + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |