merge revision(s) 63334: [Backport #14729]

	object.c: raise on long invalid float string

	* object.c (rb_cstr_to_dbl_raise): check long invalid float
	  string more precisely when truncating insignificant part.
	  [ruby-core:86800] [Bug #14729]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@66880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 54 insertions, 24 deletions

diff --git a/object.c b/object.c
index 20508e1d61..463be7bfb1 100644
--- a/object.c
+++ b/object.c
@@ -3239,29 +3239,53 @@ rb_cstr_to_dbl(const char *p, int badcheck)
 	return d;
     }
     if (*end) {
-	char buf[DBL_DIG * 4 + 10];
-	char *n = buf;
-	char *const init_e = buf + DBL_DIG * 4;
-	char *e = init_e;
-	char prev = 0;
-
-	while (p < end && n < e) prev = *n++ = *p++;
-	while (*p) {
-	    if (*p == '_') {
-		/* remove an underscore between digits */
-		if (n == buf || !ISDIGIT(prev) || (++p, !ISDIGIT(*p))) {
-		    if (badcheck) goto bad;
-		    break;
-		}
-	    }
-	    prev = *p++;
-	    if (e == init_e && (*p == 'e' || *p == 'E')) {
-	        e = buf + sizeof(buf) - 1;
-	    }
-	    if (n < e) *n++ = prev;
-	}
-	*n = '\0';
-	p = buf;
+        char buf[DBL_DIG * 4 + 10];
+        char *n = buf;
+        char *const init_e = buf + DBL_DIG * 4;
+        char *e = init_e;
+        char prev = 0;
+        int dot_seen = FALSE;
+
+        switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+        if (*p == '0') {
+            prev = *n++ = '0';
+            while (*++p == '0');
+        }
+        while (p < end && n < e) prev = *n++ = *p++;
+        while (*p) {
+            if (*p == '_') {
+                /* remove an underscore between digits */
+                if (n == buf || !ISDIGIT(prev) || (++p, !ISDIGIT(*p))) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            prev = *p++;
+            if (e == init_e && (prev == 'e' || prev == 'E' || prev == 'p' || prev == 'P')) {
+                e = buf + sizeof(buf) - 1;
+                *n++ = prev;
+                switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+                if (*p == '0') {
+                    prev = *n++ = '0';
+                    while (*++p == '0');
+                }
+                continue;
+            }
+            else if (ISSPACE(prev)) {
+                while (ISSPACE(*p)) ++p;
+                if (*p) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            else if (prev == '.' ? dot_seen++ : !ISDIGIT(prev)) {
+                if (badcheck) goto bad;
+                break;
+            }
+            if (n < e) *n++ = prev;
+        }
+        *n = '\0';
+        p = buf;
 
 	if (!badcheck && p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
 	    return 0.0;
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
index 67432627d8..7fabfd351d 100644
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@@ -165,6 +165,12 @@ class TestFloat < Test::Unit::TestCase
     end
 
     assert_equal(1.0e10, Float("1.0_"+"00000"*Float::DIG+"e10"))
+
+    z = "0" * (Float::DIG * 4 + 10)
+    all_assertions_foreach("long invalid string", "1.0", "1.0e", "1.0e-", "1.0e+") do |n|
+      assert_raise(ArgumentError, n += z + "A") {Float(n)}
+      assert_raise(ArgumentError, n += z + ".0") {Float(n)}
+    end
   end
 
   def test_divmod
diff --git a/version.h b/version.h
index 5f0560c88b..7c1ad2c842 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.5.4"
 #define RUBY_RELEASE_DATE "2019-01-20"
-#define RUBY_PATCHLEVEL 135
+#define RUBY_PATCHLEVEL 136
 
 #define RUBY_RELEASE_YEAR 2019
 #define RUBY_RELEASE_MONTH 1