-rw-r--r--ChangeLog8
-rw-r--r--inet/inet6_opt.c2
-rw-r--r--stdlib/Makefile2
-rw-r--r--stdlib/strtod_l.c3
-rw-r--r--stdlib/tst-strtod6.c53
5 files changed, 66 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 911775530b..702c10eafe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2008-03-08  Ulrich Drepper  <drepper@redhat.com>
 
+	[BZ #5774]
+	* stdlib/strtod_l.c (____STRTOF_INTERNAL): Consume closing brace
+	on NAN(...) sequence.
+	* stdlib/Makefile (tests): Add tst-strtod6.
+	* stdlib/tst-strtod6.c: New file.
+
+	* inet/inet6_opt.c (inet6_opt_init): Check extlen for overflow.
+
 	[BZ #5762]
 	* posix/getopt.c (_getopt_internal_r): Clarify error message by
 	putting offending option character in quotes.  Clean up error
diff --git a/inet/inet6_opt.c b/inet/inet6_opt.c
index 83063d2259..ccf7af5f61 100644
--- a/inet/inet6_opt.c
+++ b/inet/inet6_opt.c
@@ -34,7 +34,7 @@ inet6_opt_init (void *extbuf, socklen_t extlen)
 {
   if (extbuf != NULL)
     {
-      if (extlen <= 0 || (extlen % 8) != 0)
+      if (extlen <= 0 || (extlen % 8) != 0 || extlen > 256 * 8)
 	return -1;
 
       /* Fill in the length in units of 8 octets.  */
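Review bot: The new upper bound `extlen > 256 * 8` still accepts `extlen == 2048`, for which the length in units of 8 octets is 256. The store that follows the comment is outside this hunk, but if it writes `extlen / 8` into an 8-bit header length field, that value wraps to 0 and the header would then describe a far shorter extension than the caller's buffer. Consider `extlen >= 256 * 8` here, or, if the field is meant to exclude the first 8 octets, storing `extlen / 8 - 1`; which of the two applies depends on the assignment below the hunk. Separately, `extlen <= 0` on a `socklen_t` most likely reduces to a zero test, since that type is normally unsigned.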
diff --git a/stdlib/Makefile b/stdlib/Makefile
index 63917812d0..1fe7f70177 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -69,7 +69,7 @@ tests		:= tst-strtol tst-strtod testmb testrand testsort testdiv   \
 		   test-a64l tst-qsort tst-system testmb2 bug-strtod2	    \
 		   tst-atof1 tst-atof2 tst-strtod2 tst-strtod3 tst-rand48-2 \
 		   tst-makecontext tst-strtod4 tst-strtod5 tst-qsort2	    \
-		   tst-makecontext2
+		   tst-makecontext2 tst-strtod6
 
 include ../Makeconfig
 
diff --git a/stdlib/strtod_l.c b/stdlib/strtod_l.c
index d1c2b62852..9c2f86a32b 100644
--- a/stdlib/strtod_l.c
+++ b/stdlib/strtod_l.c
@@ -594,6 +594,9 @@ ____STRTOF_INTERNAL (nptr, endptr, group, loc)
 		  mant = STRTOULL (startp + 1, &endp, 0);
 		  if (endp == cp)
 		    SET_MANTISSA (retval, mant);
+
+		  /* Consume the closing brace.  */
+		  ++cp;
 		}
 	    }
 
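Review bot: The added comment says "brace", but the character being skipped is the `)` that closes `NAN(...)`, and the unconditional `++cp` is only safe because `cp` is known to point at that `)`, a condition established above this hunk and not visible here. I would state that invariant in the comment so a later change to the scanning loop does not turn this into a step past the string terminator: `/* CP points at the closing parenthesis; step past it so ENDPTR refers to the first unparsed character.  */`. The enclosing block starts outside the hunk.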
diff --git a/stdlib/tst-strtod6.c b/stdlib/tst-strtod6.c
new file mode 100644
index 0000000000..fdb104f9ca
--- /dev/null
+++ b/stdlib/tst-strtod6.c
@@ -0,0 +1,53 @@
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static int
+do_test (void)
+{
+  static const char str[] = "NaN(blabla)something";
+  char *endp;
+  int result = 0;
+
+  double d = strtod (str, &endp);
+  if (!isnan (d))
+    {
+      puts ("strtod did not return NAN");
+      result = 1;
+    }
+  if (strcmp (endp, "something") != 0)
+    {
+      puts  ("strtod set incorrect end pointer");
+      result = 1;
+    }
+
+  float f = strtof (str, &endp);
+  if (!isnanf (f))
+    {
+      puts ("strtof did not return NAN");
+      result = 1;
+    }
+  if (strcmp (endp, "something") != 0)
+    {
+      puts  ("strtof set incorrect end pointer");
+      result = 1;
+    }
+
+  long double ld = strtold (str, &endp);
+  if (!isnan (ld))
+    {
+      puts ("strtold did not return NAN");
+      result = 1;
+    }
+  if (strcmp (endp, "something") != 0)
+    {
+      puts  ("strtold set incorrect end pointer");
+      result = 1;
+    }
+
+  return result;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
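Review bot: The test exercises only the well-formed `NaN(blabla)something` input, so it never checks the paths where the new `++cp` must not run. Since the fix advances a pointer, the cases worth pinning are the unterminated forms (`NaN(blabla`, `NaN(`), where the end pointer should stay on the `(`, and the empty sequence `NaN()`. A small table of input and expected-remainder pairs, looped over for `strtod`, `strtof` and `strtold`, would cover these and replace the three copied blocks in `do_test`.

```c
static const struct
{
  const char *input;
  const char *rest;
} cases[] =
  {
    { "NaN(blabla)something", "something" },
    { "NaN()something", "something" },
    /* Unterminated sequence: only "NaN" is consumed.  */
    { "NaN(blabla", "(blabla" },
    { "NaN(", "(" },
  };

/* … in do_test, in place of the three single-string checks … */
  for (size_t i = 0; i < sizeof (cases) / sizeof (cases[0]); ++i)
    {
      char *endp;
      double d = strtod (cases[i].input, &endp);
      if (!isnan (d) || strcmp (endp, cases[i].rest) != 0)
	{
	  printf ("strtod failed for \"%s\"\n", cases[i].input);
	  result = 1;
	}
      /* … same check repeated for strtof and strtold … */
    }
```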