fmt_fp.c: truncate precision to prevent buffer overflow.

author: Yukihiro "Matz" Matsumoto <[email protected]> 2021-05-25 13:32:29 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2021-05-25 13:32:29 +0900
commit: 063b49ab8e6a10212c7f88e5b114b90fe59296f7 (patch)
tree: bb6e5a71ace3cb003e5c0037c14a680882069a84 /src
parent: afbc199ed3b0820f156681548bf91290a2be48f4 (diff)
download: mruby-063b49ab8e6a10212c7f88e5b114b90fe59296f7.tar.gz
mruby-063b49ab8e6a10212c7f88e5b114b90fe59296f7.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/fmt_fp.c b/src/fmt_fp.c
index 807debe11..8a156b3d9 100644
--- a/src/fmt_fp.c
+++ b/src/fmt_fp.c
@@ -180,13 +180,13 @@ mrb_format_float(mrb_float f, char *buf, size_t buf_size, char fmt, int prec, ch
       dec = -1;
       *s++ = first_dig;
 
-      if (prec + e + 1 > buf_remaining) {
-        prec = buf_remaining - e - 1;
-      }
-
       if (org_fmt == 'g') {
         prec += (e - 1);
       }
+      // truncate precision to prevent buffer overflow
+      if (prec + 2 > buf_remaining) {
+        prec = buf_remaining - 2;
+      }
       num_digits = prec;
       if (num_digits || alt_form) {
         *s++ = '.';
author	Yukihiro "Matz" Matsumoto <[email protected]>	2021-05-25 13:32:29 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2021-05-25 13:32:29 +0900
commit	063b49ab8e6a10212c7f88e5b114b90fe59296f7 (patch)
tree	bb6e5a71ace3cb003e5c0037c14a680882069a84 /src
parent	afbc199ed3b0820f156681548bf91290a2be48f4 (diff)
download	mruby-063b49ab8e6a10212c7f88e5b114b90fe59296f7.tar.gz mruby-063b49ab8e6a10212c7f88e5b114b90fe59296f7.zip