deny scientific notation exponents below -99

1e999 and 1e-999 were able to cause hangs as we use arbitrary precision numbers rather than floating point. this may change in the future (see sass/sass#2892)
2020-08-20 18:45:41 -04:00 · 2020-08-20 18:45:41 -04:00 · c19eda6f89
commit c19eda6f89
parent 921b6e4f8d
2 changed files with 16 additions and 0 deletions
--- a/src/parse/value/parse.rs
+++ b/src/parse/value/parse.rs
@ -407,6 +407,12 @@ impl<'a> Parser<'a> {
                        return Err(
                            ("Expected digit.", self.toks.peek().unwrap_or(&tok).pos).into()
                        );
+                    } else if times_ten.len() > 2 {
+                        return Err((
+                            "Exponent too negative.",
+                            self.toks.peek().unwrap_or(&tok).pos,
+                        )
+                            .into());
                    }
                } else if matches!(tok.kind, '0'..='9') {
                    self.toks.next();
--- a/tests/number.rs
+++ b/tests/number.rs
@ -154,3 +154,13 @@ test!(
    "a {\n  color: 999999999999999999 * 10;\n}\n",
    "a {\n  color: 9999999999999999990;\n}\n"
 );
+// we use arbitrary precision, so it is necessary to limit the size of exponents
+// in order to prevent hangs
+error!(
+    scientific_notation_too_positive,
+    "a {\n  color: 1e100;\n}\n", "Error: Exponent too large."
+);
+error!(
+    scientific_notation_too_negative,
+    "a {\n  color: 1e-100;\n}\n", "Error: Exponent too negative."
+);