[libc-commits] [libc] b5f0a87 - [libc] Fix strtod hex exponent overflow bug

Michael Jones via libc-commits libc-commits at lists.llvm.org
Wed Apr 19 16:32:26 PDT 2023 

Author: Michael Jones
Date: 2023-04-19T16:32:20-07:00
New Revision: b5f0a87686b299e9fc6f683be258101b54383d54

URL: https://github.com/llvm/llvm-project/commit/b5f0a87686b299e9fc6f683be258101b54383d54
DIFF: https://github.com/llvm/llvm-project/commit/b5f0a87686b299e9fc6f683be258101b54383d54.diff

LOG: [libc] Fix strtod hex exponent overflow bug

Same issue as was fixed in commit 3d95323, but for hexadecimal floats.

Reviewed By: sivachandra

Differential Revision: https://reviews.llvm.org/D148545

Added: 
    

Modified: 
    libc/src/__support/str_to_float.h
    libc/test/src/stdlib/strtod_test.cpp

Removed: 
    


################################################################################
diff  --git a/libc/src/__support/str_to_float.h b/libc/src/__support/str_to_float.h
index 6c298d47ff87f..0697cf0a68c32 100644
--- a/libc/src/__support/str_to_float.h
+++ b/libc/src/__support/str_to_float.h
@@ -1052,13 +1052,12 @@ hexadecimal_string_to_float(const char *__restrict src,
 
       // If the result is in the valid range, then we use it. The valid range is
       // also within the int32 range, so this prevents overflow issues.
-      if (temp_exponent < fputil::FPBits<T>::MAX_EXPONENT &&
-          temp_exponent > -fputil::FPBits<T>::MAX_EXPONENT) {
-        exponent = static_cast<int32_t>(temp_exponent);
-      } else if (temp_exponent > fputil::FPBits<T>::MAX_EXPONENT) {
+      if (temp_exponent > fputil::FPBits<T>::MAX_EXPONENT) {
         exponent = fputil::FPBits<T>::MAX_EXPONENT;
-      } else {
+      } else if (temp_exponent < -fputil::FPBits<T>::MAX_EXPONENT) {
         exponent = -fputil::FPBits<T>::MAX_EXPONENT;
+      } else {
+        exponent = static_cast<int32_t>(temp_exponent);
       }
     }
   }

diff  --git a/libc/test/src/stdlib/strtod_test.cpp b/libc/test/src/stdlib/strtod_test.cpp
index aa81eca7a04aa..fee32cd5fab34 100644
--- a/libc/test/src/stdlib/strtod_test.cpp
+++ b/libc/test/src/stdlib/strtod_test.cpp
@@ -220,6 +220,9 @@ TEST_F(LlvmLibcStrToDTest, FuzzFailures) {
       "200000000000000000E608",
       1462, uint64_t(0x7ff0000000000000), ERANGE);
 
+  // Same as above but for hex.
+  run_test("0x0164810157p2047", 17, uint64_t(0x7ff0000000000000), ERANGE);
+
   // This bug was in the handling of very large exponents in the exponent
   // marker. Previously anything greater than 10,000 would be set to 10,000.
   // This caused incorrect behavior if there were more than 10,000 '0's in the

More information about the libc-commits mailing list