Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
json: Fix undefined behaviour when converting integer to double
Coverity doesn't like this, complaining that assignment to an object
with overlapping storage without exact overlap and compatible types can
cause undefined behaviour.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
  • Loading branch information
dwmw2 committed May 5, 2021
1 parent b6a9dd4 commit 515fbfb
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions json/json.c
Expand Up @@ -783,10 +783,11 @@ json_value * json_parse_ex (json_settings * settings,
}

if (would_overflow(top->u.integer, b))
{ -- num_digits;
{ double dbl = (double)top->u.integer;
-- num_digits;
-- state.ptr;
top->type = json_double;
top->u.dbl = (double)top->u.integer;
top->u.dbl = dbl;
continue;
}

Expand Down Expand Up @@ -816,13 +817,14 @@ json_value * json_parse_ex (json_settings * settings,
}
else if (b == '.' && top->type == json_integer)
{
double dbl = (double)top->u.integer;
if (!num_digits)
{ sprintf (error, "%d:%d: Expected digit before `.`", line_and_col);
goto e_failed;
}

top->type = json_double;
top->u.dbl = (double) top->u.integer;
top->u.dbl = dbl;

flags |= flag_num_got_decimal;
num_digits = 0;
Expand All @@ -847,8 +849,9 @@ json_value * json_parse_ex (json_settings * settings,

if (top->type == json_integer)
{
double dbl = (double) top->u.integer;
top->type = json_double;
top->u.dbl = (double) top->u.integer;
top->u.dbl = dbl;
}

num_digits = 0;
Expand Down

0 comments on commit 515fbfb

Please sign in to comment.