Opened 9 years ago

Closed 3 years ago

#9400 closed Bugs (fixed)

Boost spirit double_ parser crashes (array out of bounds) on values over 1e308

Reported by: michael.schmidt@…
Owned by: Joel de Guzman
Milestone: To Be Determined
Component: spirit
Version: Boost 1.55.0
Severity: Showstopper
Keywords:
Cc:

Description

How to reproduce:

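// Requires <string> and <boost/spirit/include/qi.hpp>.
std::string test = "00573e443ef8ec10b5a1f23ac8964c43c415cedf";
std::string::const_iterator s_begin = test.begin();
std::string::const_iterator s_end   = test.end();
double out = 0.0;  // receives the parsed value
// double_ consumes the leading "00573e443", an exponent far above 308.
boost::spirit::qi::phrase_parse(s_begin, s_end, boost::spirit::qi::double_, boost::spirit::iso8859_1::space, out);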

Note that this value gets interpreted as a double 573E+443.

There is an array index out of bounds in the function:

boost/spirit/home/support/detail/pow10.hpp, line 88

because the exponent is larger than 308. I suggest throwing an exception here if the exponent is >308 so that we can handle it if a user enters a value larger than the max double. Otherwise the double_ parser is unusable for user input or user-provided data.
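The failure mode described above, as an added example that is not part of the original ticket and is not Boost.Spirit source: a constructed model of a table-driven power-of-ten lookup with the bounds check in place, plus a small prefix parser that uses it. The names `checked_pow10` and `parse_real_prefix` are hypothetical, and the example reports failure through a return value rather than the exception the reporter suggests.

```cpp
#include <array>
#include <cctype>
#include <cmath>
#include <cstddef>
#include <limits>
#include <string>

// Constructed model of a table-driven 10^n lookup; not Boost.Spirit source.
constexpr int kMaxExp10 = std::numeric_limits<double>::max_exponent10; // 308

// Writes 10^exp to out; returns false when exp would index outside the table.
bool checked_pow10(int exp, double& out) {
    static const std::array<double, kMaxExp10 + 1> table = [] {
        std::array<double, kMaxExp10 + 1> t{};
        for (int i = 0; i <= kMaxExp10; ++i) t[i] = std::pow(10.0, i);
        return t;
    }();
    if (exp < 0 || exp > kMaxExp10) return false; // bounds check before indexing
    out = table[static_cast<std::size_t>(exp)];
    return true;
}

// Parses the leading "<digits>[e[+|-]<digits>]" of s into out. Returns false when
// there are no digits or the value is not representable as a finite double.
// Simplification: exponent magnitudes above 308 are rejected in both directions.
bool parse_real_prefix(const std::string& s, double& out) {
    std::size_t i = 0;
    double mantissa = 0.0;
    for (; i < s.size() && std::isdigit(static_cast<unsigned char>(s[i])); ++i)
        mantissa = mantissa * 10.0 + (s[i] - '0');
    if (i == 0) return false;
    int exp = 0;
    bool negative = false;
    if (i < s.size() && (s[i] == 'e' || s[i] == 'E')) {
        ++i;
        if (i < s.size() && (s[i] == '+' || s[i] == '-')) negative = (s[i++] == '-');
        for (; i < s.size() && std::isdigit(static_cast<unsigned char>(s[i])); ++i)
            if (exp <= kMaxExp10) exp = exp * 10 + (s[i] - '0'); // saturate: no int overflow
    }
    double scale = 1.0;
    if (!checked_pow10(exp, scale)) return false; // e.g. the ticket's exponent of 443
    const double value = negative ? mantissa / scale : mantissa * scale;
    // An in-range exponent can still overflow the result, e.g. 573e307.
    if (!std::isfinite(value)) return false;
    out = value;
    return true;
}
```

The exponent check alone does not reject every value above the maximum double, which is why the result is also tested with `std::isfinite`.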

Change History (2)

comment:1 by russell.hay@…, 8 years ago

I have found that this is also the case when the values std::numeric_limits<double>::lowest() or ::max() are generated by karma. I'm trying to understand exactly how the generation works that causes it to have exp = 309, but haven't determined the cause yet.

comment:2 by Joel de Guzman, 3 years ago

Resolution: fixed
Status: new → closed