Closed alaviss closed 1 month ago
Don't suppose there is an easy enough reproduction for a test, or do you think it's too implementation specific?
It's too implementation specific and won't be of any help if we move to a native impl at one point.
/merge
(updated the PR body slightly)
Merge requested by: @saem
Contents after the first section break of the PR description have been removed and preserved below:

## Notes for Reviewers

* While Dragonbox is bundled with the project, it is not suitable for generating fixed-precision numbers. As such the current `printf`-based method continues to be used and migration to a native algorithm will have to be done later.
## Summary

Fixed a potential buffer overflow in `strutils.formatBiggestFloat`.

## Details

Previously, `strutils.formatBiggestFloat` was implemented using `sprintf` and as such came with a risk of buffer overflow. This was observed via tests in disruptek/insideout. `sprintf` was replaced with `snprintf`.
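The hazard this PR addresses, as an added C example that is not code from the nimskull project: a fixed-precision `%f` conversion of a large double needs far more bytes than a small fixed buffer holds, so `sprintf` overruns it while `snprintf` bounds the write and reports the length that was needed. The buffer size and function names below are assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size output buffer, kept small so the hazard is visible. */
#define FLOAT_BUF_SIZE 64

/*
 * The pattern this PR removes is sprintf(buf, "%.*f", precision, x): it
 * writes however many bytes the conversion needs. A value such as 1e308
 * rendered with "%.16f" needs 309 integer digits, a point and 16 fraction
 * digits (326 bytes plus the NUL), so it overruns any smaller buffer.
 *
 * The hardened form uses snprintf: it never writes more than `size` bytes
 * (NUL included) and returns the length the full output would have had,
 * so the caller can detect truncation instead of corrupting memory.
 */
int format_float_fixed(char *buf, size_t size, double x, int precision) {
    int needed = snprintf(buf, size, "%.*f", precision, x);
    return needed; /* needed >= size means the result was truncated */
}

/* Returns 1 when formatting x with `precision` fraction digits fits in
 * `size` bytes (terminating NUL included), 0 otherwise, writing nothing.
 * snprintf(NULL, 0, ...) is the standard way to measure the needed length. */
int format_float_fits(double x, int precision, size_t size) {
    int needed = snprintf(NULL, 0, "%.*f", precision, x);
    return needed >= 0 && (size_t)needed < size;
}

/* Returns 1 when a truncated conversion still leaves a NUL-terminated
 * string of exactly FLOAT_BUF_SIZE - 1 characters in the buffer. */
int truncated_is_terminated(double x, int precision) {
    char buf[FLOAT_BUF_SIZE];
    int needed = format_float_fixed(buf, sizeof buf, x, precision);
    return needed >= (int)sizeof buf && strlen(buf) == sizeof buf - 1;
}
```

Checking the return value against the buffer size is what turns the silent overflow into a detectable truncation; a caller can then retry with a larger heap buffer of exactly `needed + 1` bytes.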