Ticket #13949: 0001-strtod-Do-not-consume-x-in-incomplete-hex-input.patch

src/system/libroot/posix/glibc/stdlib/strtod.c

@@ -674 +674 @@
 
   /* If no other digit but a '0' is found the result is 0.0.
      Return current read pointer.  */
-  if ((c < L_('0') || c > L_('9'))
-      && (base == 16 && (c < TOLOWER (L_('a')) || c > TOLOWER (L_('f'))))
+  if (!((c >= L_('0') && c <= L_('9'))
+    || (base == 16 && ((CHAR_TYPE) TOLOWER (c) >= L_('a')
+               && (CHAR_TYPE) TOLOWER (c) <= L_('f')))
+    || (
 #ifdef USE_WIDE_CHAR
-      && c != decimal
+        c == (wint_t) decimal
 #else
-      && ({ for (cnt = 0; decimal[cnt] != '\0'; ++cnt)
-          if (decimal[cnt] != cp[cnt])
-        break;
-        decimal[cnt] != '\0'; })
+        ({ for (cnt = 0; decimal[cnt] != '\0'; ++cnt)
+         if (decimal[cnt] != cp[cnt])
+           break;
+           decimal[cnt] == '\0'; })
 #endif
-      && (base == 16 && (cp == start_of_digits || TOLOWER (c) != L_('p')))
-      && (base != 16 && TOLOWER (c) != L_('e')))
+        /* '0x.' alone is not a valid hexadecimal number.
+           '.' alone is not valid either, but that has been checked
+           already earlier.  */
+        && (base != 16
+        || cp != start_of_digits
+        || (cp[decimal_len] >= L_('0') && cp[decimal_len] <= L_('9'))
+        || ((CHAR_TYPE) TOLOWER (cp[decimal_len]) >= L_('a')
+            && (CHAR_TYPE) TOLOWER (cp[decimal_len]) <= L_('f'))))
+    || (base == 16 && (cp != start_of_digits
+               && (CHAR_TYPE) TOLOWER (c) == L_('p')))
+    || (base != 16 && (CHAR_TYPE) TOLOWER (c) == L_('e'))))
     {
       tp = correctly_grouped_prefix (start_of_digits, cp, thousands, grouping);
       /* If TP is at the start of the digits, there was no correctly