Fix out-of-bounds read discovered by libFuzzer.

locale_independent_strtonum returned str-1 incorrectly if there was
overflow, because s.fail() was set, which causes s.tellg() to return -1.
Change: 136790139
dave-andersen authored and tensorflower-gardener committed Oct 21, 2016
1 parent 7b4af07 commit 7231d01fcb2cd9ef9ffbfea03b724892c8a4026e
Showing with 2 additions and 0 deletions.
  1. +2 −0 tensorflow/core/lib/strings/numbers.cc
@@ -86,9 +86,11 @@ T locale_independent_strtonum(const char* str, const char** endptr) {
if (result == std::numeric_limits<T>::max()) {
result = std::numeric_limits<T>::infinity();
real_fail = false;
s.clear(s.rdstate() & ~std::ios::failbit);
} else if (result == -std::numeric_limits<T>::max()) {
result = -std::numeric_limits<T>::infinity();
real_fail = false;
s.clear(s.rdstate() & ~std::ios::failbit);
}
}
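
Review bot: the failbit reset is duplicated verbatim in the max() and -max() branches, and it only covers these two overflow-to-infinity paths, so any other path that leaves failbit set still depends on code outside this hunk not using the -1 that the commit message says s.tellg() returns. Consider hoisting the s.clear(s.rdstate() & ~std::ios::failbit) call to a single place after the if/else, and checking the s.tellg() result for -1 where endptr is computed, so a failed stream can never yield a pointer before str. The commit touches only numbers.cc; a regression test that feeds an overflowing input and asserts that *endptr lies within [str, str + strlen(str)] would keep the libFuzzer finding from reappearing.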
