From a88ab94e752f6bcc8dea591ddaff0a6992256acf Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 20 Jan 2019 09:17:59 +0000
Subject: merge revision(s) 63334: [Backport #14729]

	object.c: raise on long invalid float string

	* object.c (rb_cstr_to_dbl_raise): check long invalid float
	  string more precisely when truncating insignificant part.
	  [ruby-core:86800] [Bug #14729]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@66880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 object.c | 70 +++++++++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 47 insertions(+), 23 deletions(-)

(limited to 'object.c')

diff --git a/object.c b/object.c
index 20508e1d61..463be7bfb1 100644
--- a/object.c
+++ b/object.c
@@ -3239,29 +3239,53 @@ rb_cstr_to_dbl(const char *p, int badcheck)
 	return d;
     }
     if (*end) {
-	char buf[DBL_DIG * 4 + 10];
-	char *n = buf;
-	char *const init_e = buf + DBL_DIG * 4;
-	char *e = init_e;
-	char prev = 0;
-
-	while (p < end && n < e) prev = *n++ = *p++;
-	while (*p) {
-	    if (*p == '_') {
-		/* remove an underscore between digits */
-		if (n == buf || !ISDIGIT(prev) || (++p, !ISDIGIT(*p))) {
-		    if (badcheck) goto bad;
-		    break;
-		}
-	    }
-	    prev = *p++;
-	    if (e == init_e && (*p == 'e' || *p == 'E')) {
-	        e = buf + sizeof(buf) - 1;
-	    }
-	    if (n < e) *n++ = prev;
-	}
-	*n = '\0';
-	p = buf;
+        char buf[DBL_DIG * 4 + 10];
+        char *n = buf;
+        char *const init_e = buf + DBL_DIG * 4;
+        char *e = init_e;
+        char prev = 0;
+        int dot_seen = FALSE;
+
+        switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+        if (*p == '0') {
+            prev = *n++ = '0';
+            while (*++p == '0');
+        }
+        while (p < end && n < e) prev = *n++ = *p++;
+        while (*p) {
+            if (*p == '_') {
+                /* remove an underscore between digits */
+                if (n == buf || !ISDIGIT(prev) || (++p, !ISDIGIT(*p))) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            prev = *p++;
+            if (e == init_e && (prev == 'e' || prev == 'E' || prev == 'p' || prev == 'P')) {
+                e = buf + sizeof(buf) - 1;
+                *n++ = prev;
+                switch (*p) {case '+': case '-': prev = *n++ = *p++;}
+                if (*p == '0') {
+                    prev = *n++ = '0';
+                    while (*++p == '0');
+                }
+                continue;
+            }
+            else if (ISSPACE(prev)) {
+                while (ISSPACE(*p)) ++p;
+                if (*p) {
+                    if (badcheck) goto bad;
+                    break;
+                }
+            }
+            else if (prev == '.' ? dot_seen++ : !ISDIGIT(prev)) {
+                if (badcheck) goto bad;
+                break;
+            }
+            if (n < e) *n++ = prev;
+        }
+        *n = '\0';
+        p = buf;
 
 	if (!badcheck && p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
 	    return 0.0;
-- 
cgit v1.2.3