From df3fe19cd90688dd84e20ed138aefd5aac7d7b26 Mon Sep 17 00:00:00 2001
From: Robert Fancsik
Date: Tue, 29 Aug 2017 15:26:30 +0200
Subject: [PATCH] Fix for issue #1974

The buffer size was previously badly computed since scale == 0 case was not checked, therefore the buffer size was smaller than intended. This patch fixes this issue.
JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
---
 .../ecma-builtin-number-prototype.c | 4 ++--
 tests/jerry/regression-test-issue-1974.js | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 tests/jerry/regression-test-issue-1974.js
diff --git a/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.c b/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.c
index 8a36250aba..febd1f1332 100644
--- a/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.c
+++ b/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.c
@@ -290,10 +290,10 @@ ecma_builtin_number_prototype_object_to_string (ecma_value_t this_arg, /**< this
 }
 int buff_size = 1;
- if (is_scale_negative)
+ if (is_scale_negative || scale == 0)
 {
 double counter = this_arg_number;
- while (counter > radix)
+ while (counter >= radix)
 {
 counter /= radix;
 buff_size++;
diff --git a/tests/jerry/regression-test-issue-1974.js b/tests/jerry/regression-test-issue-1974.js
new file mode 100644
index 0000000000..bbfeb41dba
--- /dev/null
+++ b/tests/jerry/regression-test-issue-1974.js
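Review bot: The corrected loop still sizes the buffer from a floating-point digit count that is computed separately from the code that fills the buffer, and nothing in this hunk ties the two together, so a later change to either side can reintroduce the under-allocation this commit fixes. At minimum the `if` deserves a comment such as `/* scale <= 0: the integer part is written out digit by digit, so count its digits; '>=' because counter == radix already needs one more digit */` (wording to be confirmed against the rest of the function, which starts and ends outside the hunk). It would also be worth a `JERRY_ASSERT` on the write index against `buff_size` where the digits are stored, and confirming that `this_arg_number` is already finite and non-negative when this loop runs, since `counter /= radix` never drops below `radix` for an infinite value.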
@@ -0,0 +1,15 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+assert((39000000000000700).toString(2) == "10001010100011100100101100011010001111011000001011000000");
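Review bot: The test pins only the value from the issue report, so the `>` to `>=` half of the fix is not checked on its own. An exact power of the radix would cover the `counter == radix` boundary, for example `assert((1024).toString(2) == "10000000000");`, assuming such a value reaches the same buffer-sizing branch. A second radix (say 16 or 36) would also show that the sizing holds beyond base 2.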