in cases where rounding caused a carry, the slot into which the carry
was taking place was unconditionally treated as valid, despite the
possibility that it could be a new slot prior to the beginning of the
existing non-rounded number. in theory this could lead to unbounded
runaway carry, but in order for that to happen, the whole
uninitialized buffer would need to have been pre-filled with 32-bit
integer values greater than or equal to
999999999.
patch based on proposed fix by Morten Welinder, who also discovered
and reported the bug.
*d = *d + i;
while (*d > 999999999) {
*d--=0;
+ if (d<a) *--a=0;
(*d)++;
}
- if (d<a) a=d;
for (i=10, e=9*(r-a); *a>=i; i*=10, e++);
}
}
projects / musl / commitdiff