authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-02-06 11:49:14 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-02-06 11:49:14 +0000
commitd4bbc2d776878492ef9cf911bca8c43ac0a9b1e5 (patch)
tree35c078deeb7e229932ed3eeb9958309398a24021 /gc.c
parent9029411879bba7df5fa8748bde4b04693a19596b (diff)
gc.c: check numeric string
* gc.c (get_envparam_int, get_envparam_double): check invalid string as numeric. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'gc.c')
-rw-r--r--gc.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/gc.c b/gc.c
index 20f57132e5..d5d49f0bd4 100644
--- a/gc.c
+++ b/gc.c
@@ -5652,7 +5652,19 @@ get_envparam_int(const char *name, unsigned int *default_value, int lower_bound)
int val;
if (ptr != NULL) {
- val = atoi(ptr);
+ char *end;
+ long lval = strtol(ptr, &end, 10);
+ if (!*ptr || *end) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+ return 0;
+ }
+# if LONG_MAX > INT_MAX
+ if (lval < INT_MIN || INT_MAX < lval) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "integer overflow for %s: %ld\n", name, lval);
+ return 0;
+ }
+# endif
+ val = (int)lval;
if (val > lower_bound) {
if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%d (default value: %d)\n", name, val, *default_value);
*default_value = val;
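Review bot: The new `strtol` call never checks `errno`, so an out-of-range value is detected only by the `# if LONG_MAX > INT_MAX` comparison, and that block is compiled out on targets where `long` and `int` have the same width. On such a target an oversized digit string in the environment variable is clamped by `strtol` to `LONG_MAX` or `LONG_MIN` and then accepted as a valid setting instead of being rejected. Where the comparison is compiled in, the "integer overflow" message prints the clamped value, not what the user supplied. I would set `errno = 0;` immediately before the call and extend the validity test to `if (!*ptr || *end || errno == ERANGE) {`, assuming `<errno.h>` is already included in gc.c, which the hunk does not show. The body of get_envparam_int starts and ends outside this hunk.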
@@ -5672,7 +5684,12 @@ get_envparam_double(const char *name, double *default_value, double lower_bound)
double val;
if (ptr != NULL) {
- val = strtod(ptr, NULL);
+ char *end;
+ val = strtod(ptr, &end);
+ if (!*ptr || *end) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+ return 0;
+ }
if (val > lower_bound) {
if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%f (%f)\n", name, val, *default_value);
*default_value = val;
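Review bot: The `!*ptr || *end` test in get_envparam_double accepts every string `strtod` consumes in full, which includes "inf", "infinity" and, on an out-of-range magnitude, a result of `HUGE_VAL` with `errno` set to `ERANGE`. An infinite value satisfies `val > lower_bound` and is then stored through `default_value`; whether the GC tolerates a non-finite tuning factor is not visible from this hunk, but an environment-supplied setting should be rejected here, not relied on downstream. "nan" also parses cleanly and fails the comparison, reaching whatever the fall-through branch outside the hunk does. I would add `errno = 0;` before the call and tighten the check to `if (!*ptr || *end || errno == ERANGE || isinf(val) || isnan(val)) {`. The function body starts and ends outside the hunk.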