From bfc5f09979d49867b373b9433edf37adce8c66dd Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 13 Sep 2019 18:24:15 -0400
Subject: Detect overflow or underflow on double config values.

Any floating point value too positive or negative to distinguish
from +/-Inf, or too small to distinguish from +/-0, is an
over/underflow.
---
 src/lib/confmgt/type_defs.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'src/lib/confmgt')

diff --git a/src/lib/confmgt/type_defs.c b/src/lib/confmgt/type_defs.c
index 137af4ed9e..6b0eac7823 100644
--- a/src/lib/confmgt/type_defs.c
+++ b/src/lib/confmgt/type_defs.c
@@ -37,6 +37,7 @@
 
 #include <stddef.h>
 #include <string.h>
+#include <errno.h>
 
 //////
 // CONFIG_TYPE_STRING
@@ -284,15 +285,23 @@ double_parse(void *target, const char *value, char **errmsg,
   (void)errmsg;
   double *v = (double*)target;
   char *endptr=NULL;
+  errno = 0;
   *v = strtod(value, &endptr);
   if (endptr == value || *endptr != '\0') {
     // Either there are no converted characters, or there were some characters
     // that didn't get converted.
     tor_asprintf(errmsg, "Could not convert %s to a number.", escaped(value));
     return -1;
-  } else {
-    return 0;
   }
+  if (errno == ERANGE) {
+    // strtod will set errno to ERANGE on underflow or overflow.
+    bool underflow = -.00001 < *v && *v < .00001;
+    tor_asprintf(errmsg,
+                 "%s is too %s to express as a floating-point number.",
+                 escaped(value), underflow ? "small" : "large");
+    return -1;
+  }
+  return 0;
 }
 
 static char *
-- 
cgit v1.2.3-54-g00ecf