[Repo Assist] fix: prevent int overflow (UB) in l_strtod/l_strtof exponent parsing#155
Draft
github-actions[bot] wants to merge 1 commit into
When parsing a very long exponent string such as '1e999999999999999', the accumulation loop 'exp = exp * 10 + digit' would overflow the int variable on the 10th or 11th digit, which is signed-integer overflow — undefined behaviour in C. Optimising compilers can produce garbage results or miscompile the surrounding code under the UB assumption.

Fix: cap the accumulation at 10000 before multiplying, so the value never overflows. The existing downstream clamp (308 for double, 38 for float) still limits the loop count as before.

Add two regression tests to test_strings.c covering the edge case for both l_strtod and l_strtof.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Apr 26, 2026
🤖 This is an automated pull request from Repo Assist.
Summary

Fixes signed-integer overflow (undefined behaviour) in l_strtod and l_strtof when parsing exponent strings with 10 or more digits (e.g., "1e999999999999999").

Root Cause

Both parsers accumulate the exponent into a plain int:

For a 10+ digit exponent string such as "1e99999999999", exp overflows int (signed-integer overflow = UB in C). An optimising compiler can miscompile this code by assuming the overflow never occurs.

Fix

Cap accumulation before the multiplication can overflow:

Same fix applied to l_strtof.

Tests

Regression tests added to tests/test_strings.c for both functions covering very-long exponent strings.

Test Status

✅ ./Taskfile test — all non-infrastructure tests pass.
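As an added worked example, not code from this PR or from the project, the two accumulation strategies described above side by side in C: the unguarded `exp = exp * 10 + digit` loop, instrumented with the GCC/Clang `__builtin_*_overflow` builtins so it reports where a signed int would overflow instead of actually invoking UB, and a capped version that stops growing `exp` once it reaches a cap and then applies the downstream clamp. `EXP_CAP`, the function names, the constructed inputs and the `max_exp` parameter are assumptions for the demo, not the project's identifiers.

```c
/* Added example, not code from the PR or the project: the exponent
 * accumulation loop from the PR description, shown unchecked (instrumented
 * to report overflow instead of invoking UB) and with the cap the PR
 * describes. EXP_CAP, the function names and the clamp limits passed in
 * are assumptions for the demo. Requires GCC or Clang for the
 * __builtin_*_overflow builtins. */
#include <stdbool.h>
#include <stdio.h>

#define EXP_CAP 10000   /* accumulation stops growing once exp reaches this */

/* The original pattern, exp = exp * 10 + digit with no guard. Here each step
 * is checked so the demo can report "this input would have overflowed"
 * rather than actually overflowing a signed int. Returns true if any step
 * overflows; with all-9 input that happens on the 10th digit. */
static bool exponent_would_overflow(const char *digits)
{
    int exp = 0;
    for (const char *p = digits; *p >= '0' && *p <= '9'; p++) {
        int scaled;
        if (__builtin_mul_overflow(exp, 10, &scaled) ||
            __builtin_add_overflow(scaled, *p - '0', &exp))
            return true;
    }
    return false;
}

/* Capped accumulation. Once exp >= EXP_CAP the multiply-add is skipped, so
 * exp can never exceed 99999 (9999 scaled by 10 plus one digit), yet every
 * digit is still consumed so the caller sees the full exponent token.
 * The result is then clamped to max_exp, the existing downstream limit
 * (308 for double, 38 for float). */
static int parse_exponent_capped(const char *digits, int sign, int max_exp,
                                 const char **end)
{
    int exp = 0;
    const char *p = digits;
    for (; *p >= '0' && *p <= '9'; p++) {
        if (exp < EXP_CAP)
            exp = exp * 10 + (*p - '0');
    }
    if (end)
        *end = p;
    if (exp > max_exp)
        exp = max_exp;
    return sign < 0 ? -exp : exp;
}

/* Number of exponent digits consumed by parse_exponent_capped; lets a
 * caller confirm that capping does not truncate the input token. */
static int exponent_digits_consumed(const char *digits)
{
    const char *end = digits;
    parse_exponent_capped(digits, 1, 308, &end);
    return (int)(end - digits);
}

int main(void)
{
    const char *huge = "999999999999999";   /* constructed input, 15 digits */
    printf("unchecked loop overflows on \"%s\": %s\n", huge,
           exponent_would_overflow(huge) ? "yes" : "no");
    printf("capped + clamped (double): %d\n",
           parse_exponent_capped(huge, 1, 308, NULL));
    printf("capped + clamped (float, negative): %d\n",
           parse_exponent_capped(huge, -1, 38, NULL));
    printf("digits consumed: %d\n", exponent_digits_consumed(huge));
    return 0;
}
```

The cap only has to satisfy `EXP_CAP * 10 + 9 <= INT_MAX`, so 10000 leaves a wide margin while still being far above any clamp a double or float parser applies; switching the accumulator to unsigned would make the wraparound defined but would still yield a silently wrong exponent, which is why capping (or stopping the loop) is the right fix rather than a type change.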