From 2fb838c803e6c96f2b23b610e6bebd950ce6430b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Fri, 22 Dec 2023 22:50:02 +0100
Subject: [PATCH] Fix UB in js_dtoa1

---
 quickjs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/quickjs.c b/quickjs.c
index 52d6517..7be7abb 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -11110,8 +11110,10 @@ static void js_dtoa1(char (*buf)[JS_DTOA_BUF_SIZE], double d,
 } else if (flags == JS_DTOA_VAR_FORMAT) {
 int64_t i64;
 char buf1[70], *ptr;
+ if (d > (double)MAX_SAFE_INTEGER || d < (double)-MAX_SAFE_INTEGER)
+ goto generic_conv;
 i64 = (int64_t)d;
- if (d != i64 || i64 > MAX_SAFE_INTEGER || i64 < -MAX_SAFE_INTEGER)
+ if (d != i64)
 goto generic_conv;
 /* fast path for integers */
 ptr = i64toa(buf1 + sizeof(buf1), i64, radix);
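Review bot: The added range guard carries no comment explaining why it must precede `i64 = (int64_t)d;`, so a later reader may merge it back into the following `if (d != i64)` test and reintroduce the defect the commit fixes (a double outside the int64_t range converted to int64_t is undefined behavior). I would add above the new `if`: `/* converting an out-of-range double to int64_t is UB; reject anything outside the safe-integer range before the cast */`. A NaN makes both comparisons false and would still reach the cast; the `} else if` context line suggests a preceding branch in js_dtoa1 handles non-finite values, but that branch is outside the hunk, so the comment should state that assumption, e.g. `/* d is finite here (non-finite values are handled earlier) */`, and it should be confirmed against the function head. js_dtoa1 starts and ends outside the hunk.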