
fix carry into uninitialized slots during printf floating point rounding

in cases where rounding caused a carry, the slot into which the carry
was taking place was unconditionally treated as valid, despite the
possibility that it could be a new slot prior to the beginning of the
existing non-rounded number. in theory this could lead to unbounded
runaway carry, but in order for that to happen, the whole
uninitialized buffer would need to have been pre-filled with 32-bit
integer values greater than or equal to 999999999.

patch based on proposed fix by Morten Welinder, who also discovered
and reported the bug.
Rich Felker, 11 years ago
parent
commit
109048e031
1 changed file with 1 addition and 1 deletion

+ 1 - 1
src/stdio/vfprintf.c

@@ -356,9 +356,9 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)
 				*d = *d + i;
 				while (*d > 999999999) {
 					*d--=0;
+					if (d<a) *--a=0;
 					(*d)++;
 				}
-				if (d<a) a=d;
 				for (i=10, e=9*(r-a); *a>=i; i*=10, e++);
 			}
 		}
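
Review bot: the added `if (d<a) *--a=0;` in the carry loop decrements `a` and stores through it, and nothing in the visible lines bounds `a` against the start of the buffer. A one-line comment stating why a slot below `a` is always available at this point (or an assert on the lower bound) would make that invariant checkable. The ordering also deserves a comment: after `*d--=0;` the pointer `d` can sit below `a`, on a slot that was never written, so the zeroing has to happen before `(*d)++` rather than after the loop, where the removed `if (d<a) a=d;` only adjusted `a`. A regression test that formats a value whose rounding carries past the leading slot would keep this from reappearing.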