Fix UB in js_dtoa1

This commit is contained in:
Saúl Ibarra Corretgé 2023-12-22 22:50:02 +01:00
parent fad030bef2
commit 2fb838c803

View file

@ -11110,8 +11110,10 @@ static void js_dtoa1(char (*buf)[JS_DTOA_BUF_SIZE], double d,
} else if (flags == JS_DTOA_VAR_FORMAT) { } else if (flags == JS_DTOA_VAR_FORMAT) {
int64_t i64; int64_t i64;
char buf1[70], *ptr; char buf1[70], *ptr;
if (d > (double)MAX_SAFE_INTEGER || d < (double)-MAX_SAFE_INTEGER)
goto generic_conv;
i64 = (int64_t)d; i64 = (int64_t)d;
if (d != i64 || i64 > MAX_SAFE_INTEGER || i64 < -MAX_SAFE_INTEGER) if (d != i64)
goto generic_conv; goto generic_conv;
/* fast path for integers */ /* fast path for integers */
ptr = i64toa(buf1 + sizeof(buf1), i64, radix); ptr = i64toa(buf1 + sizeof(buf1), i64, radix);