lenn/yaml-cpp
1
0
Fork 0
mirror of https://github.com/jbeder/yaml-cpp.git synced 2026-01-02 03:57:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: overflow buffer with large precision values

Browse Source 
Issue #1385 demonstrates how a large 'precision' value can cause buffer
overflows. Originally, the buffer was designed to fit any scientific
notation. But the precision changes at which point large floating point
numbers are displayed in scientific notation or default notation.
In case of the default notation many extra zeros have to be printed,
this was not reflected in the output_buffer and an overflow could
occur.

This PR computes the number of zero that do not fit into the static
buffer and appends them at the end of the function triggering potential
a second dynamic allocation. (The first allocation is the std::string
allocation).
This commit is contained in:
Simon Gene Gottlieb
2025-12-10 03:22:22 +01:00
committed by Jesse Beder
parent a2826e8983
commit c7aa78d294
2 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/fptostring_test.cpp
View File

@@ -239,5 +239,9 @@ TEST(FpToStringTest, conversion_float) {
EXPECT_EQ("-1.3e-05", FpToString(-1.299e-5f, 2));
}
TEST(FpToStringTest, vulnerability_stack_buffer_overflow) {
EXPECT_EQ(FpToString(1.0e100, 200), "10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
}
} // namespace
} // namespace YAML