From: Guido van Rossum <guido@python.org>
Date: Mon, 8 May 2000 14:29:38 +0000 (+0000)
Subject: Trent Mick:
X-Git-Tag: v2.0b1~1813
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c554505ca1318fd7aed32086ceb4b53ae767ffa3;p=python

Trent Mick:

Fix overflow bug in ldexp(x, exp). The 'exp' argument maps to a C int for the
math library call [double ldexp(double, int)], however the 'd'
PyArg_ParseTuple formatter was used to yield a double, which was subsequently
cast to an int. This could overflow.

[GvR: mysteriously, on Solaris 2.7, ldexp(1, 2147483647) returns Inf
while ldexp(1, 2147483646) raises OverflowError; this seems a bug in
the math library (it also takes a real long time to compute the
Inf outcome).  Does this point to a bug in the CHECK() macro?  It
should have discovered that the result was outside the HUGE_VAL range.]
---

diff --git a/Modules/mathmodule.c b/Modules/mathmodule.c
index a241c60aec..d01de90569 100644
--- a/Modules/mathmodule.c
+++ b/Modules/mathmodule.c
@@ -196,13 +196,13 @@ math_ldexp(self, args)
 	PyObject *self;
 	PyObject *args;
 {
-	double x, y;
-	/* Cheat -- allow float as second argument */
-        if (! PyArg_Parse(args, "(dd)", &x, &y))
+	double x;
+	int exp;
+	if (! PyArg_Parse(args, "(di)", &x, &exp))
 		return NULL;
 	errno = 0;
 	PyFPE_START_PROTECT("ldexp", return 0)
-	x = ldexp(x, (int)y);
+	x = ldexp(x, exp);
 	PyFPE_END_PROTECT(x)
 	CHECK(x);
 	if (errno != 0)