From 8740533ddf5665846cb5f386625efab2f7462cf7 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 19 Jun 2019 14:03:34 +0200 Subject: [PATCH] Avoid more UB in round() --- Zend/zend_strtod.c | 2 +- ext/standard/math.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Zend/zend_strtod.c b/Zend/zend_strtod.c index f327ef4cd5..96d3ec8c95 100644 --- a/Zend/zend_strtod.c +++ b/Zend/zend_strtod.c @@ -2705,7 +2705,7 @@ zend_strtod L = c - '0'; s1 = s; while((c = *++s) >= '0' && c <= '9') - L = 10*L + c - '0'; + L = 10*L + (c - '0'); if (s - s1 > 8 || L > 19999) /* Avoid confusion from exponents * so large that e might overflow. diff --git a/ext/standard/math.c b/ext/standard/math.c index 5172bbbd6e..ddee343b1d 100644 --- a/ext/standard/math.c +++ b/ext/standard/math.c @@ -141,7 +141,7 @@ PHPAPI double _php_math_round(double value, int places, int mode) { /* If the decimal precision guaranteed by FP arithmetic is higher than the requested places BUT is small enough to make sure a non-zero value is returned, pre-round the result to the precision */ - if (precision_places > places && precision_places - places < 15) { + if (precision_places > places && precision_places - 15 < places) { int64_t use_precision = precision_places < INT_MIN+1 ? INT_MIN+1 : precision_places; f2 = php_intpow10(abs((int)use_precision)); -- 2.40.0