Fix 1-byte buffer overrun

Summary: Fix 1-byte buffer overrun when parsing the string "-". Reviewed By: mhlakhani Differential Revision: D22695995 fbshipit-source-id: 9d1834c068fc3889a514b77d53d626eb6f72b6c6

Fix 1-byte buffer overrun
Summary: Fix 1-byte buffer overrun when parsing the string "-". Reviewed By: mhlakhani Differential Revision: D22695995 fbshipit-source-id: 9d1834c068fc3889a514b77d53d626eb6f72b6c6
1e3603df · Nick Terrell · Facebook GitHub Bot · 6958370b · 1e3603df · 1e3603df
Commit 1e3603df authored Jul 28, 2020 by Nick Terrell Committed by Facebook GitHub Bot Jul 28, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

folly/Conv.cpp folly/Conv.cpp +4 -0

folly/test/ConvTest.cpp folly/test/ConvTest.cpp +4 -0

No files found.
--- a/folly/Conv.cpp
+++ b/folly/Conv.cpp
@@ -407,7 +407,11 @@ Expected<Tgt, ConversionCode> str_to_floating(StringPiece* src) noexcept {
    negative = true;
    ++b;
    --size;
+    if (size == 0) {
+      return makeUnexpected(ConversionCode::STRING_TO_FLOAT_ERROR);
+    }
  }
+  assert(size > 0);

  result = 0.0;


--- a/folly/test/ConvTest.cpp
+++ b/folly/test/ConvTest.cpp
@@ -1201,6 +1201,10 @@ TEST(Conv, TryStringToFloat) {
  auto rv2 = folly::tryTo<float>("3.14");
  EXPECT_TRUE(rv2.hasValue());
  EXPECT_NEAR(rv2.value(), 3.14, 1e-5);
+  // No trailing '\0' to expose 1-byte buffer over-read
+  char x = '-';
+  auto rv3 = folly::tryTo<float>(folly::StringPiece(&x, 1));
+  EXPECT_FALSE(rv3.hasValue());
 }

 TEST(Conv, TryStringToDouble) {