[Libreoffice-commits] core.git: external/dtoa sal/qa

[Stephan Bergmann (via logerrit)]

 external/dtoa/UnpackedTarball_dtoa.mk |    1 +
 external/dtoa/ubsan.patch.0           |   11 +++++++++++
 sal/qa/rtl/math/test-rtl-math.cxx     |    5 +++++
 3 files changed, 17 insertions(+)

New commits:
commit 3820a5c093bcc69e277e6326464749c151031046
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Wed Mar 4 13:59:52 2020 +0100
Commit:     Stephan Bergmann <sbergman at redhat.com>
CommitDate: Wed Mar 4 16:37:57 2020 +0100

    ofz#21036: Avoid UBSan signed-integer-overflow in external/dtoa
    
    > workdir/UnpackedTarball/dtoa/src/dtoa.c:3624:12: runtime error: signed integer overflow: 10 * 858993459 cannot be represented in type 'int'
    >  #0 in strtod_nolocale at workdir/UnpackedTarball/dtoa/src/dtoa.c:3624:12 (instdir/program/libuno_sal.so.3 +0x55286d)
    >  #1 in double (anonymous namespace)::stringToDouble<char16_t>(char16_t const*, char16_t const*, char16_t, char16_t, rtl_math_ConversionStatus*, char16_t const**) at sal/rtl/math.cxx:976:20 (instdir/program/libuno_sal.so.3 +0x3b5f0e)
    >  #2 in rtl_math_uStringToDouble at sal/rtl/math.cxx:1028:12 (instdir/program/libuno_sal.so.3 +0x3b1714)
    [...]
    
    Change-Id: If24fca1fb4829ddd763c9920a1af9a90dc2b138c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89966
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/external/dtoa/UnpackedTarball_dtoa.mk b/external/dtoa/UnpackedTarball_dtoa.mk
index d0173408ce79..bc4fe55b5a7e 100644
--- a/external/dtoa/UnpackedTarball_dtoa.mk
+++ b/external/dtoa/UnpackedTarball_dtoa.mk
@@ -16,6 +16,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,dtoa,1))
 $(eval $(call gb_UnpackedTarball_add_patches,dtoa, \
     external/dtoa/include_header.patch \
     external/dtoa/coverity.patch \
+    external/dtoa/ubsan.patch.0 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/dtoa/ubsan.patch.0 b/external/dtoa/ubsan.patch.0
new file mode 100644
index 000000000000..de39d41aca68
--- /dev/null
+++ b/external/dtoa/ubsan.patch.0
@@ -0,0 +1,11 @@
+--- src/dtoa.c
++++ src/dtoa.c
+@@ -3618,7 +3618,7 @@
+ 			while(c == '0')
+ 				c = *++s;
+ 			if (c > '0' && c <= '9') {
+-				L = c - '0';
++				ULong L = c - '0';
+ 				s1 = s;
+ 				while((c = *++s) >= '0' && c <= '9')
+ 					L = 10*L + c - '0';
diff --git a/sal/qa/rtl/math/test-rtl-math.cxx b/sal/qa/rtl/math/test-rtl-math.cxx
index 5dab92b81ba8..af45eded639e 100644
--- a/sal/qa/rtl/math/test-rtl-math.cxx
+++ b/sal/qa/rtl/math/test-rtl-math.cxx
@@ -180,6 +180,11 @@ public:
         CPPUNIT_ASSERT_EQUAL(rtl_math_ConversionStatus_Ok, status);
         CPPUNIT_ASSERT_EQUAL(sal_Int32(9), end);
         CPPUNIT_ASSERT_EQUAL(1E308, res);
+
+        res = rtl::math::stringToDouble(OUString("1E8589934590"), '.', ',', &status, &end);
+        CPPUNIT_ASSERT_EQUAL(rtl_math_ConversionStatus_OutOfRange, status);
+        CPPUNIT_ASSERT_EQUAL(sal_Int32(12), end);
+        CPPUNIT_ASSERT_EQUAL(std::numeric_limits<double>::infinity(), res);
     }
 
     void test_stringToDouble_bad() {