merge revision(s) 63334: [Backport #14729]

	object.c: raise on long invalid float string

	* object.c (rb_cstr_to_dbl_raise): check long invalid float
	  string more precisely when truncating insignificant part.
	  [ruby-core:86800] [Bug #14729]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@66962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 54 insertions, 25 deletions

diff --git a/object.c b/object.c
index 98d2197c2d..7151271e46 100644
--- a/object.c
+++ b/object.c
@@ -2816,30 +2816,53 @@ rb_cstr_to_dbl(const char *p, int badcheck)
 	return d;
     }
     if (*end) {
-	char buf[DBL_DIG * 4 + 10];
-	char *n = buf;
-	char *e = buf + sizeof(buf) - 1;
-	char prev = 0;
-
-	while (p < end && n < e) prev = *n++ = *p++;
-	while (*p) {
-	    if (*p == '_') {
-		/* remove underscores between digits */
-		if (badcheck) {
-		    if (n == buf || !ISDIGIT(prev)) goto bad;
-		    ++p;
-		    if (!ISDIGIT(*p)) goto bad;
-		}
-		else {
-		    while (*++p == '_');
-		    continue;
-		}
-	    }
-	    prev = *p++;
-	    if (n < e) *n++ = prev;
-	}
-	*n = '\0';
-	p = buf;
+        char buf[DBL_DIG * 4 + 10];
+        char *n = buf;
+        char *const init_e = buf + DBL_DIG * 4;
+        char *e = init_e;
+        char prev = 0;
+        int dot_seen = FALSE;
+
+        switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+        if (*p == '0') {
+            prev = *n++ = '0';
+            while (*++p == '0');
+        }
+        while (p < end && n < e) prev = *n++ = *p++;
+        while (*p) {
+            if (*p == '_') {
+                /* remove an underscore between digits */
+                if (n == buf || !ISDIGIT(prev) || (++p, !ISDIGIT(*p))) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            prev = *p++;
+            if (e == init_e && (prev == 'e' || prev == 'E' || prev == 'p' || prev == 'P')) {
+                e = buf + sizeof(buf) - 1;
+                *n++ = prev;
+                switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+                if (*p == '0') {
+                    prev = *n++ = '0';
+                    while (*++p == '0');
+                }
+                continue;
+            }
+            else if (ISSPACE(prev)) {
+                while (ISSPACE(*p)) ++p;
+                if (*p) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            else if (prev == '.' ? dot_seen++ : !ISDIGIT(prev)) {
+                if (badcheck) goto bad;
+                break;
+            }
+            if (n < e) *n++ = prev;
+        }
+        *n = '\0';
+        p = buf;
 
 	if (!badcheck && p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
 	    return 0.0;
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
index fcff9fc7b8..d873461de1 100644
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@@ -163,6 +163,12 @@ class TestFloat < Test::Unit::TestCase
       assert_equal(-31.0*2**-1027, Float("-0x1f"+("0"*268)+".0p-2099"))
       assert_equal(-31.0*2**-1027, Float("-0x1f"+("0"*600)+".0p-3427"))
     end
+
+    z = "0" * (Float::DIG * 4 + 10)
+    ["long invalid string", "1.0", "1.0e", "1.0e-", "1.0e+"].each do |n|
+      assert_raise(ArgumentError, n += z + "A") {Float(n)}
+      assert_raise(ArgumentError, n += z + ".0") {Float(n)}
+    end
   end
 
   def test_divmod
diff --git a/version.h b/version.h
index 129971ee0c..52ea268f1f 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.6"
 #define RUBY_RELEASE_DATE "2019-01-31"
-#define RUBY_PATCHLEVEL 337
+#define RUBY_PATCHLEVEL 338
 
 #define RUBY_RELEASE_YEAR 2019
 #define RUBY_RELEASE_MONTH 1