authorTed Kremenek <kremenek@apple.com>2007-11-29 00:54:29 +0000
committerTed Kremenek <kremenek@apple.com>2007-11-29 00:54:29 +0000
commit32e61bf91fba3c7946b9f71918202e5e55859a5c (patch)
tree9befc3e2f6f29982a80f6974c658d2ec6ef526e4
parent1f6443255894429fba384de0d5b6389ef578a5e9 (diff)
Removed potential buffer overrun (spotted by Neil Booth) when NumericLiteralParser
converts a parsed literal into an APFloat. We are still performing a copy of the string, which hopefully will be removed eventually for performance reasons. This version is now at least safe. Changed rounding in APFloat construction in NumericLiteralParser from rmTowardZero to rmNearestTiesToEven. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44422 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--Lex/LiteralSupport.cpp21
1 files changed, 8 insertions, 13 deletions
diff --git a/Lex/LiteralSupport.cpp b/Lex/LiteralSupport.cpp
index ebc66271db..f6d1a867a3 100644
--- a/Lex/LiteralSupport.cpp
+++ b/Lex/LiteralSupport.cpp
@@ -413,26 +413,21 @@ llvm::APFloat NumericLiteralParser::
GetFloatValue(const llvm::fltSemantics &Format, bool* isExact) {
using llvm::APFloat;
- char floatChars[256];
- strncpy(floatChars, ThisTokBegin, ThisTokEnd-ThisTokBegin);
- floatChars[ThisTokEnd-ThisTokBegin] = '\0';
-
-#if 1
+ llvm::SmallVector<char,256> floatChars;
+ for (unsigned i = 0, n = ThisTokEnd-ThisTokBegin; i != n; ++i)
+ floatChars.push_back(ThisTokBegin[i]);
+
+ floatChars.push_back('\0');
+
APFloat V (Format, APFloat::fcZero, false);
-
APFloat::opStatus status;
- status = V.convertFromString(floatChars,APFloat::rmTowardZero);
+
+ status = V.convertFromString(&floatChars[0],APFloat::rmNearestTiesToEven);
if (isExact)
*isExact = status == APFloat::opOK;
return V;
-#else
- // FIXME: this is horrible!
- APFloat V(strtod(floatChars, 0));
- V.convert(Format, APFloat::rmTowardZero);
- return V;
-#endif
}
void NumericLiteralParser::Diag(SourceLocation Loc, unsigned DiagID,
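Review bot: The new copy loop in GetFloatValue takes its length from `ThisTokEnd-ThisTokBegin` narrowed to `unsigned`, so the overrun fix still depends on the unstated invariant that the token range is well-formed; an `assert(ThisTokBegin <= ThisTokEnd && "bad token range");` ahead of the loop would make that explicit. The per-character `push_back` loop could be written as `floatChars.append(ThisTokBegin, ThisTokEnd);`, which states the intent directly. A comment such as `// Copy only to NUL-terminate the token for convertFromString; 256 is the inline capacity, not a length limit.` would tell the next reader why the copy exists and that longer literals are handled by growth rather than truncation. The switch to `rmNearestTiesToEven` changes the value produced for inexact literals and arrives without a test (the diffstat lists only this file), so a regression test for a long literal and for a rounding case would be worth adding alongside it.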