From d0a822eec524522d81ffc7da2bb1baf906b0318a Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada
Date: Thu, 1 Jul 2021 06:39:17 +0900
Subject: Fix dtoa buffer overrun https://hackerone.com/reports/1248108
---
 test/ruby/test_float.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 (limited to 'test/ruby')
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
index 4be2cfeeda..57a46fce92 100644
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
 assert_raise(ArgumentError, n += z + "A") {Float(n)}
 assert_raise(ArgumentError, n += z + ".0") {Float(n)}
 end
+
+ x = nil
+ 2000.times do
+ x = Float("0x"+"0"*30)
+ break unless x == 0.0
+ end
+ assert_equal(0.0, x, ->{"%a" % x})
+ x = nil
+ 2000.times do
+ begin
+ x = Float("0x1."+"0"*270)
+ rescue ArgumentError => e
+ raise unless /"0x1\.0{270}"/ =~ e.message
+ else
+ break
+ end
+ end
+ assert_nil(x, ->{"%a" % x})
 end
 def test_divmod
-- cgit v1.2.3
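Review bot: The two added `2000.times` loops have no comment explaining the repetition, so a later maintainer may "simplify" them to a single call and lose the regression coverage. Judging by the commit subject (the C-side change is not on this page), the overrun only misbehaved depending on what lay past the buffer, so I would add above the first loop `# Repeat: the dtoa overrun depended on adjacent memory, so one call can pass by chance`. Both loops would also be easier to attribute on failure in a test method of their own rather than at the end of the existing one, whose start is outside the hunk. In the rescue branch, `assert_match(/"0x1\.0{270}"/, e.message)` would report an unexpected message as an assertion failure instead of re-raising the ArgumentError. Detection stays probabilistic in a normal build, so running this file under an AddressSanitizer build is the reliable check for this class of bug.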