shadowfacts/grass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deny scientific notation exponents below -99

Browse Source 
1e999 and 1e-999 were able to cause hangs as we use arbitrary precision
numbers rather than floating point. this may change in the future (see
sass/sass#2892)
This commit is contained in:
Connor Skees 2020-08-20 18:45:41 -04:00
parent 921b6e4f8d
commit c19eda6f89
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/parse/value/parse.rs
View File

@ -407,6 +407,12 @@ impl<'a> Parser<'a> {
return Err( return Err(
("Expected digit.", self.toks.peek().unwrap_or(&tok).pos).into() ("Expected digit.", self.toks.peek().unwrap_or(&tok).pos).into()
); );
} else if times_ten.len() > 2 {
return Err((
"Exponent too negative.",
self.toks.peek().unwrap_or(&tok).pos,
)
.into());
} }
} else if matches!(tok.kind, '0'..='9') { } else if matches!(tok.kind, '0'..='9') {
self.toks.next(); self.toks.next();

10
tests/number.rs
View File

@ -154,3 +154,13 @@ test!(
"a {\n color: 999999999999999999 * 10;\n}\n", "a {\n color: 999999999999999999 * 10;\n}\n",
"a {\n color: 9999999999999999990;\n}\n" "a {\n color: 9999999999999999990;\n}\n"
); );
// we use arbitrary precision, so it is necessary to limit the size of exponents
// in order to prevent hangs
error!(
scientific_notation_too_positive,
"a {\n color: 1e100;\n}\n", "Error: Exponent too large."
);
error!(
scientific_notation_too_negative,
"a {\n color: 1e-100;\n}\n", "Error: Exponent too negative."
);